The AWS Best Practices for DDoS Resiliency whitepaper provides an overview of DDoS attacks, capabilities provided by AWS, mitigation techniques, and a DDoS-resilient reference architecture that can be used as a guide to help protect application availability.

Download the whitepaper 


Q: Can I incorporate the Security Automations for AWS WAF  solution into my existing web application firewall strategy?

A: Yes. You can aggregate existing rules and solution-created rules into a single web ACL. Note that individual web ACLs are subject to rule limits (now called quotas); refer to the AWS WAF Developer Guide for information.

Q: Can I use these solutions to protect multiple web applications?

A: Yes. After you deploy the Security Automations for AWS WAF solution, you can associate its web ACL (with all the rules included in the solution) with multiple web applications. Note that the web ACL that the solution creates will be compatible with either a CloudFront distribution or an Application Load Balancer, depending on what you select for the Endpoint Type template parameter.

Q: Can I extend the functionality of Security Automations for AWS WAF ?

A: Yes. You can modify and customize all the rules provided in either solution. During initial configuration, use the template parameters to control rule behavior, as well as the code for the AWS Lambda functions.

Q: Do these solutions integrate with my third-party web application firewall?

A: No. These rules are specific to the AWS WAF service.

Q: Can I deploy these solutions in any AWS Region?

A: For web apps deployed with an Application Load Balancer, you must deploy the relevant solution's AWS CloudFormation template in an AWS Region that supports AWS WAF for Application Load Balancers (for the most current AWS WAF availability, refer to AWS service offerings by Region).

For web apps deployed with Amazon CloudFront, you can deploy the solution template only in the US East (N. Virginia) Region.

Training and Certification

AWS Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future.  Learn more »

Getting Started with AWS Security, Identity, and Compliance

This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering

Enroll now »

Introduction to Amazon Macie

Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this course, you will be introduced to Amazon Macie, how the service works, and the underlying concepts driving the service.

Enroll now »

AWS Certified Security – Specialty

This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

Schedule your exam »

Partner resources

The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb solutions and customer experiences. APN Partners are focused on customer success, helping you take full advantage of all the business benefits that AWS has to offer. With their deep expertise on AWS, APN Partners are uniquely positioned to help your company at any stage of your Cloud Adoption Journey and to help you solve some of your most complex problems.

Visit the following pages to learn more about the services we used to build this AWS Solution.

Need more resources to get started with AWS?

Visit the Getting Started Resource Center to find tutorials, projects and videos to get started with AWS.

Learn more »