One of the ways in which customers use AWS WAF is to automate security using AWS Lambda, which can analyze web logs and identify malicious requests and automatically update security rules. The following tutorials take care of going through the individual steps of configuring AWS WAF using AWS CloudFormation and include Lambda scripts to help get started protecting your web applications.

Check this page frequently for more tutorials to come.

Get Started with AWS for Free

Create a Free Account

Receive twelve months of access to the AWS Free Tier and enjoy AWS Basic Support features including, 24x7x365 customer service, support forums, and more.


Pre-configured Protections: You can use our preconfigured template to quickly get started with AWS WAF. The template includes a set of AWS WAF rules, which can be customized to best fit your needs, designed to block common web-based attacks. The rules help protect against bad bots, SQL Injection, Cross-site scripting (XSS), HTTP Floods, and known attacker attacks. Once you deploy the template, AWS WAF begins to block the web requests to your CloudFront distributions that match the preconfigured rules in your web access control list (web ACL). You can use this automated solution in addition to other web ACLs that you configure.

Get Started With Pre-configured Protections

Social_Firewall_Orange

Blocking IP Address that Exceed Request Limits: one security challenge you may have faced is how to prevent your web servers from being affected by distributed denial of service (DDoS) attacks, commonly called HTTP floods. In this tutorial, you will provision a solution that will identify IP addresses that are sending requests over your defined threshold and updates your AWS WAF rules to automatically block subsequent requests from those IP addresses.

Get Started Blocking IP Addresses that Exceed Request Limits

Scans

Blocking IP Addresses that Submit Bad Requests: Internet-facing web applications are frequently scanned by various sources, and unless managed by you, the sources probably don't have good intentions. To find vulnerabilites, these scans send out a series of requests that generate HTTP 4xx error codes which you can use to identify and block. In this tutorial, you’ll create a Lambda function that automatically parses CloudFront access logs, counts the number of bad requests from unique sources (IP addresses), and updates AWS WAF to block further scans from those IP addresses.

Get Started Blocking IP Addresses that Submit Bad Requests

IP-blacklist

Using Bad Actor IP BlackLists to Prevent Web Attacks: AWS WAF can help you protect your web applications from exploits that originate from IP addresses that are known to be operated by bad actors such as spammers, malware distributors, and botnets. In this tutorial, you will learn how to synchronize AWS WAF Rules with reputation lists to block the ever-changing list of IP addresses used for web attacks, keeping up with bad actors as they swap addresses and attempt to escape detection

Get Started With Bad Actor IP BlackLists