The AWS Best Practices for DDoS Resiliency whitepaper provides an overview of DDoS attacks, capabilities provided by AWS, mitigation techniques, and a DDoS-resilient reference architecture that can be used as a guide to help protect application availability.
Q: Can I incorporate the AWS WAF Security Automations solution into my existing web application firewall strategy?
A: Yes. You can aggregate existing rules and solution-created rules into a single web ACL. Note that individual web ACLs are subject to rule limits (now called quotas); see the AWS WAF Developer Guide for information.
Q: How much does it cost to run this solution?
A: This solution is free to launch; however, you are responsible for the cost of the AWS services used while running this solution. For example, if you use the Athena log parser option with the HTTP Flood Protection and/or Scanners and Probes Protection rules, you will be charged for Athena usage. The log parser is scheduled to run a query against the Amazon S3 log bucket every five minutes. For more information, see the sample Cost Estimate of Amazon Athena.
Q: Can I use this solution to protect multiple web applications?
A: Yes. After you deploy the solution, you can associate its web ACL (with all the rules included in this solution) with multiple web applications. Note that the web ACL that the solution creates will be compatible with either a CloudFront distribution or an Application Load Balancer, depending on what you select for the Endpoint Type template parameter.
Q: Can I extend the functionality of AWS WAF Security Automations?
A: Yes. You can modify and customize all the rules provided in this solution. During initial configuration, use the template parameters to control rule behavior, as well as the code for the AWS Lambda functions.
Q: Does the AWS WAF Security Automations solution integrate with my third-party web application firewall?
A: No. These rules are specific to the AWS WAF service.
Q: Can I deploy AWS WAF Security Automations in any AWS Region?
A: For web apps deployed with an Application Load Balancer, you must deploy the solution's AWS CloudFormation template in an AWS Region that supports AWS WAF for Application Load Balancers (for the most current AWS WAF availability, see AWS service offerings by region).
For web apps deployed with Amazon CloudFront, you can deploy the solution template in any AWS Region. Once deployed, AWS WAF can monitor web requests at any other CloudFront edge location.
Training and Certification
AWS Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future. Learn more »
Getting Started with AWS Security, Identity, and Compliance
This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering
Introduction to Amazon Macie
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this course, you will be introduced to Amazon Macie, how the service works, and the underlying concepts driving the service.
AWS Certified Security – Specialty
This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.
The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb solutions and customer experiences. APN Partners are focused on customer success, helping you take full advantage of all the business benefits that AWS has to offer. With their deep expertise on AWS, APN Partners are uniquely positioned to help your company at any stage of your Cloud Adoption Journey and to help you solve some of your most complex problems.