Getting Started with AWS WAF


One of the ways in which customers use AWS WAF is to automate security using AWS Lambda, which can analyze web logs and identify malicious requests and automatically update security rules. The following tutorials take care of going through the individual steps of configuring AWS WAF using AWS CloudFormation and include Lambda scripts to help get started protecting your web applications.

Pre-configured protections

You can use our preconfigured template to quickly get started with AWS WAF. The template includes a set of AWS WAF rules, which can be customized to best fit your needs, designed to block common web-based attacks. The rules help protect against bad bots, SQL Injection, Cross-site scripting (XSS), HTTP Floods, and known attacker attacks. Once you deploy the template, AWS WAF begins to block the web requests to your CloudFront distributions that match the preconfigured rules in your web access control list (web ACL). You can use this automated solution in addition to other web ACLs that you configure.

Get started with pre-configured protections »

Blocking IP addresses that exceed request limits

One security challenge you may have faced is how to prevent your web servers from being affected by distributed denial of service (DDoS) attacks, commonly called HTTP floods. In this tutorial, you will provision a solution that will identify IP addresses that are sending requests over your defined threshold and updates your AWS WAF rules to automatically block subsequent requests from those IP addresses.

Get started blocking IP addresses that exceed request limits »

Blocking IP addresses that submit bad requests

Internet-facing web applications are frequently scanned by various sources, and unless managed by you, the sources probably don't have good intentions. To find vulnerabilities, these scans send out a series of requests that generate HTTP 4xx error codes which you can use to identify and block. In this tutorial, you’ll create a Lambda function that automatically parses CloudFront access logs, counts the number of bad requests from unique sources (IP addresses), and updates AWS WAF to block further scans from those IP addresses.

Get started blocking IP addresses that submit bad requests »

Using bad actor IP blacklists to prevent web attacks

AWS WAF can help you protect your web applications from exploits that originate from IP addresses that are known to be operated by bad actors such as spammers, malware distributors, and botnets. In this tutorial, you will learn how to synchronize AWS WAF Rules with reputation lists to block the ever-changing list of IP addresses used for web attacks, keeping up with bad actors as they swap addresses and attempt to escape detection.

Get started with bad actor IP blacklists »

Additional resources

Stay connected with AWS

Documentation & downloads

Discover more AWS WAF resources

Visit the resources page
Ready to build?
Get started with AWS WAF
Have more questions?
Contact us