Amazon Web Services Web Application Firewall (AWS WAF) is a cloud-based security service that helps protect web applications from common web exploits and bots that could affect application availability, compromise security, or consume excessive resources. By defining customizable web security rules, AWS WAF can block common attack patterns, such as SQL injection or cross-site scripting.
The service integrates with other AWS services like Amazon CloudFront and Application Load Balancer, allowing organizations to implement security at the edge of their network or directly on their applications. This integration makes it easier to deploy and manage security rules across large and complex deployments.
AWS WAF includes the following components:
AWS Shield Advanced and Firewall Manager are two complementary security solutions provided by AWS, which can work together with AWS WAF.
AWS Shield Advanced provides enhanced protections for web applications against more sophisticated attacks such as Distributed Denial of Service (DDoS) attacks. It offers additional detection and mitigation capabilities, combined with detailed attack diagnostics, allowing users to better understand and prepare against such threats.
AWS Firewall Manager simplifies the administration of firewall rules across multiple AWS accounts and resources. It centralizes the management of security settings, ensuring consistent application of firewall protection according to organizational policies. This is particularly useful for enterprises managing complex environments with multiple operational requirements.
AWS WAF can be used to protect a variety of Amazon resources.
By integrating AWS WAF with Amazon CloudFront, users can inspect and filter content delivery network (CDN) traffic at the edge locations. This reduces latency by preventing attacks from reaching the application server. It’s especially effective against large scale DDoS attacks and SQL injection attempts, while also helping to meet geographic restrictions by blocking requests from unwanted regions.
Amazon API Gateway REST APIs can be directly protected with AWS WAF, allowing only legitimate requests to pass through to backend services. This includes protection against content-based attacks and rate-based attacks, which helps maintain API availability and performance. API developers can define precursors for acceptable requests, protecting backend systems from exploitative traffic.
AWS WAF can be associated with Application Load Balancer to inspect and conditionally route incoming traffic. This setup is particularly useful in microservices architectures where different services require differing levels of protection. It also aids in achieving high availability and fault tolerance by distributing traffic while enforcing security rules.
Integrating AWS WAF with AWS AppSync GraphQL APIs enables security features such as rate limiting and webhook verification. This protects APIs from over-fetching and malicious data manipulation attempts, which are common in poorly secured GraphQL implementations. By tailoring rules to the requirements of GraphQL, users can mitigate potential risks.
Amazon Cognito user pools are useful for managing user identities and access in AWS environments. AWS WAF can protect their sensitive user data and prevent unauthorized access attempts. Security rules can be set up to monitor and control sign-in and sign-up activities, offering an additional layer of security against brute force attacks and credential stuffing.
AWS App Runner is a service designed to make web application deployments easier in AWS. Securing this service with AWS WAF ensures that applications run smoothly without being compromised by common web vulnerabilities or speed-based web attacks. It also simplifies security for developers, allowing them to focus on functional development.
AWS Verified Access is a new service designed to ensure secure and direct connectivity for remote users to internal applications without VPNs. When integrated with AWS WAF, security rules can be configured to ensure that only authenticated and authorized sessions are allowed access, enhancing both usability and security.
To set up an AWS account to use the WAF:
To create a Web ACL:
Creating a string match rule involves specifying the criteria for inspecting web requests:
AWS Managed Rules offer predefined rule groups that address common threats. To add these to your Web ACL:
To finalize the configuration for your ACL:
Once created, your Web ACL will be active and listed in the AWS WAF console, ready to protect your resources.
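The Web ACL described above (one string match rule plus one AWS Managed Rules group), written out as a WAFv2 CreateWebACL request structure together with a small linter for mistakes that are easy to make when assembling it by hand. This is an added example, not code from the original page; the ACL and rule names, the `/admin` search string, the `REGIONAL` scope and the helper function names are assumptions.

```python
def visibility(metric):
    # Every Web ACL and every rule carries its own VisibilityConfig.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric}
def build_web_acl():
    """Web ACL in the shape of a WAFv2 CreateWebACL request (names are assumed)."""
    string_match = {
        "Name": "block-admin-path", "Priority": 0,
        "Statement": {"ByteMatchStatement": {
            "SearchString": "/admin",  # assumed value; a binary field in the API
            "FieldToMatch": {"UriPath": {}},
            "PositionalConstraint": "STARTS_WITH",
            # Lowercase first so /Admin and /ADMIN match as well.
            "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}},
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("block-admin-path"),
    }
    managed = {
        "Name": "aws-common-rules", "Priority": 1,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
        # Rule groups take OverrideAction, not Action; None keeps the group's actions.
        "OverrideAction": {"None": {}},
        "VisibilityConfig": visibility("aws-common-rules"),
    }
    return {"Name": "example-web-acl", "Scope": "REGIONAL",
            "DefaultAction": {"Allow": {}}, "Rules": [string_match, managed],
            "VisibilityConfig": visibility("example-web-acl")}

GROUP_STATEMENTS = {"ManagedRuleGroupStatement", "RuleGroupReferenceStatement"}
def lint_web_acl(acl):
    """Return a list of structural mistakes found in the Web ACL."""
    problems, seen = [], set()
    if len(acl.get("DefaultAction", {})) != 1:
        problems.append("DefaultAction must be exactly one of Allow or Block")
    for rule in acl.get("Rules", []):
        name, prio = rule.get("Name", "<unnamed>"), rule.get("Priority")
        if prio in seen:
            problems.append(f"{name}: duplicate priority {prio}")
        seen.add(prio)
        is_group = bool(GROUP_STATEMENTS & set(rule.get("Statement", {})))
        wanted, other = (("OverrideAction", "Action") if is_group
                         else ("Action", "OverrideAction"))
        if wanted not in rule or other in rule:
            problems.append(f"{name}: needs {wanted}, not {other}")
    return problems

if __name__ == "__main__":
    print(lint_web_acl(build_web_acl()) or "no problems found")
```

A Web ACL attached to a CloudFront distribution uses the `CLOUDFRONT` scope instead of `REGIONAL`.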
Coralogix sets itself apart in observability with its modern architecture, enabling real-time insights into WAF and CDN logs along with RUM data, all with built-in cost optimization. Coralogix’s straightforward pricing covers all its platform offerings including APM, RUM, SIEM, infrastructure monitoring and much more. With unparalleled support that features less than 1 minute response times and 1 hour resolution times, Coralogix is a leading choice for thousands of organizations across the globe.