AWS WAF Operations
Please note: This course has been replaced with a more recent version found here.
Security is one of the hottest topics within the cloud industry right now, mostly due to uncertainty and a lack of understanding when it comes to knowing how to secure the cloud really is. With this in mind, public cloud vendors focus massive effort and resources into security, resulting in additional levels of security at all layers within their cloud architecture.
This made way for the development of the AWS Web Application Firewall (WAF) service which was launched at Re:Invent in October 2015.
This course looks at all the elements of AWS Web Application Firewall from a beginners introduction to the service from what it is and when to use it within your environment, to how it can be used in conjunction with other services like AWS CloudWatch and AWS Lambda to help with automation of your security.
If you have thoughts or suggestions for this course, please contact Cloud Academy at email@example.com.
Hello and welcome. This lecture will explain key points of AWS WAF pricing so there are no surprises. Pricing can be a bit frustrating to understand at times within the services.
There are only three chargeable elements of AWS WAF, these being the number of incoming requests that WAF has to process, the number of Web ACLs that you have, and also the number of rules within each of the Web ACLs. Do be aware, however, that these costs are in addition to any AWS CloudFront costs that you have, as they're an entirely different service with a different pricing structure model.
I briefly mentioned earlier within this course that you can use the same Web ACL on a number of different CloudFront distributions and that this doesn't affect your limitations of WAF. Similarly, this is true for charging. You will not be charged extra for assigning the same Web ACL to multiple distributions.
As you may be aware, for some AWS services, pricing can change for the same service depending on which region you deploy that service in. However, with AWS WAF it is currently a flat charge regardless. With that in mind, the charges are as follows. For incoming requests, it's currently charged at $0.60 per million web requests. Your Web ACLs are charged at $5 per Web ACL per month. And the number of rules per Web ACL are charged at $1 per rule per Web ACL per month.
Note that there are no upfront costs to use WAF. It is charged purely on the three elements we just discussed, so it can be quite easy to estimate how much this service is going to cost you across multiple CloudFront distributions.
Let's put an example around this to see how easy it is to create pricing estimates. Let's say you have five CloudFront distributions. Three distributions will have the same Web ACL with seven rules, and the other two will have their own Web ACL, each with five rules. In total, your CloudFront distributions have been calculated to have approximately five million web requests per month. Charging is as follows. For your Web ACLs, it'll be $25 per month. For your rules per Web ACL, that'll be charged at $17 per month. And for your incoming requests, will be charged at $3 per month, making a total of $45 per month.
As you can see, it's fairly easy to predict your spending with WAF as long as you have basic analytics of request rate for your distributions.
That has brought us to the end of this lecture on pricing. Next we have a summary, where we'll go over the key points that we've learnt from this course.
- AWS WAF Course
- What is AWS WAF and what does it do
- When and why should you use AWS WAF
- Configuring AWS WAF
- AWS WAF Cloudwatch
- Service limitations
- Cloudfront / WAF
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 80+ courses relating to Cloud reaching over 100,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.