Security Automations for AWS WAF

Deploy a set of preconfigured AWS WAF rules to filter common web-based attacks


This solution automatically deploys a set of AWS WAF (web application firewall) rules that filter common web-based attacks. Users can select from preconfigured protective features that define the rules included in an AWS WAF web access control list (web ACL). Once deployed, AWS WAF protects your Amazon CloudFront distributions or Application Load Balancers by inspecting web requests.

You can use AWS WAF to create custom, application-specific rules that block attack patterns to ensure application availability, secure resources, and prevent excessive resource consumption.

The Security Automations for AWS WAF solution supports the latest version of AWS WAF (AWS WAFV2) service API.


Automatic WAF rules configuration

The AWS CloudFormation template automatically launches and configures the AWS WAF settings and protective features that you choose to include during initial deployment.

Log analysis

When activated, AWS CloudFormation provisions an Amazon Athena query and a scheduled AWS Lambda function responsible for orchestrating Athena executing, processing result output, and updating AWS WAF.

Build your own monitoring dashboard

This solution emits CloudWatch metrics such as allowed requests and blocked requests. You can build a customized dashboard to visualize these metrics and gain insights into the pattern of attacks and protection provided by AWS WAF.

Technical details

The Security Automations for AWS WAF solution provides fine-grained control over the requests attempting to access your web application. The following diagram presents the architecture that you can build using the solution's implementation guide and accompanying AWS CloudFormation template.

At the core of the design is an AWS WAF web ACL that acts as central inspection and decision point for all incoming requests. The protective functions that you choose to activate determine the WAF rules that are added to your web ACL. The labels of the WAF rules in the architecture diagram don’t reflect the priority level of the rules.


About this deployment
Est. deployment time
15 mins
Estimated cost
AWS Support
Download implementation guide  Source code  CloudFormation template  Subscribe to RSS feed 
Deployment options
Ready to get started?
Deploy this solution by launching it in your AWS Console

Need help? Deploy with a partner.
Find an AWS Certified third-party expert to assist with this deployment
Did this AWS Solution help you?
Provide feedback
Getting Started with AWS Security, Identity, and Compliance

This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering.

Enroll now 
Introduction to Amazon Macie

Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this course, you will be introduced to Amazon Macie, how the service works, and the underlying concepts driving the service.

Enroll now 
AWS Certified Security – Specialty

This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

Schedule your exam 
Case Study
Peach Logo
Peach Boosts Security and Customer Confidence Using AWS Security Automations
Digital advertising company Peach has a large digital footprint but historically has not been at high risk for cyberattacks. But when it noticed an uptick in attacks, the company knew it needed to take further steps to protect its systems.

So Peach turned to AWS for a solution, and now Peach not only blocks cyberattacks but also deters them—reducing needless service slowdowns and boosting customer confidence.

Read the full case study 
A Security Solution for Peach
Watch the video