Overview

You can use AWS WAF to create custom, application-specific rules that block attack patterns to ensure application availability, secure resources, and prevent excessive resource consumption.
The Security Automations for AWS WAF solution supports the latest version of AWS WAF (AWS WAFV2) service API.
Benefits

The AWS CloudFormation template automatically launches and configures the AWS WAF settings and protective features that you choose to include during initial deployment.
When activated, AWS CloudFormation provisions an Amazon Athena query and a scheduled AWS Lambda function responsible for orchestrating Athena query execution, processing the result output, and updating AWS WAF.
This solution emits CloudWatch metrics such as allowed requests and blocked requests. You can build a customized dashboard to visualize these metrics and gain insights into the pattern of attacks and protection provided by AWS WAF.
Technical details

The Security Automations for AWS WAF solution provides fine-grained control over the requests attempting to access your web application. The following diagram presents the architecture that you can build using the solution's implementation guide and accompanying AWS CloudFormation template.
At the core of the design is an AWS WAF web ACL that acts as the central inspection and decision point for all incoming requests. The protective functions that you choose to activate determine the WAF rules that are added to your web ACL. The labels of the WAF rules in the architecture diagram don’t reflect the priority level of the rules.
A. AWS managed rules
This set of AWS Managed Rules provides protection against exploitation of a wide range of common application vulnerabilities or other unwanted traffic.
B. & C. Manual IP lists
This component creates two specific AWS WAF rules that allow you to manually insert IP addresses that you want to allow or deny. You can also configure IP retention and remove expired IP addresses from these IP lists.
D. & E. SQL injection and XSS
The solution configures two AWS WAF rules that are designed to protect against common SQL injection or XSS patterns in the URI, query string, or body of a request.
F. HTTP flood
This component helps protect against attacks that consist of a large number of requests from a particular IP address, such as a web-layer distributed denial-of-service (DDoS) attack or a brute-force login attempt. You can set a quota that defines the maximum number of incoming requests allowed from a single IP address within a default five-minute period.
G. Scanners and probes
This component parses application access logs searching for suspicious behavior, such as an abnormal number of errors generated by an origin. It then blocks those suspicious source IP addresses for a customer-defined period of time.
H. IP reputation lists
This component is the IP Lists Parser AWS Lambda function, which checks third-party IP reputation lists hourly for new ranges to block.
I. Bad bot
This component automatically sets up a honeypot, which is a security mechanism intended to lure and deflect an attempted attack.
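As an added illustration (not the solution's own code) of how component G's log scanning and the IP-retention expiry from components B and C fit together: a Python sketch that parses constructed access-log lines in an assumed simplified format, flags source IPs that exceed an error threshold within a window, and builds block entries with an expiry, the kind of data the solution's Lambda function would write to an AWS WAF IP set. The log format, the threshold and the window values are assumptions, not the solution's defaults.

```python
"""Added example (not the solution's own code): simplified "scanners and
probes" logic (component G) plus the IP-retention expiry from B and C."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log in an assumed simplified format "<ISO ts> <ip> <status> <uri>";
# real CloudFront/ALB access logs carry more fields, so this parser is illustrative only.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 404 /wp-login.php
2024-05-01T10:00:02Z 203.0.113.7 404 /phpmyadmin/
2024-05-01T10:00:03Z 203.0.113.7 403 /.env
2024-05-01T10:00:05Z 203.0.113.7 500 /api/v1/users
2024-05-01T10:00:06Z 198.51.100.20 200 /index.html
2024-05-01T10:00:07Z 198.51.100.20 404 /favicon.ico
2024-05-01T10:35:00Z 192.0.2.9 404 /old-page
"""


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line):
    ts, ip, status, uri = line.split(maxsplit=3)
    return parse_ts(ts), ip, int(status), uri


def find_offenders(log_text, now, error_threshold=3, window=timedelta(minutes=5)):
    """Map client IP -> error count for IPs that produced at least
    error_threshold 4xx/5xx responses inside the window ending at `now`."""
    errors = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, ip, status, _uri = parse_line(line)
        if status >= 400 and now - window <= when <= now:
            errors[ip] += 1
    return {ip: n for ip, n in errors.items() if n >= error_threshold}


def build_block_entries(offenders, now, block_minutes):
    """IP-set entries (CIDR -> expiry) for the customer-defined block period."""
    expiry = now + timedelta(minutes=block_minutes)
    return {f"{ip}/32": expiry for ip in offenders}


def prune_expired(entries, now):
    """Drop entries whose block period has elapsed (IP retention cleanup)."""
    return {cidr: exp for cidr, exp in entries.items() if exp > now}
```

In the solution the equivalent counting is done by the Athena query over the real log schema, and the resulting addresses are pushed to the IP set with the AWS WAF API rather than kept in a dictionary.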
Related content

This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering.
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this course, you will be introduced to Amazon Macie, how the service works, and the underlying concepts driving the service.
This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

So Peach turned to AWS for a solution, and now Peach not only blocks cyberattacks but also deters them—reducing needless service slowdowns and boosting customer confidence.