AWS WAF Operations
Security is one of the hottest topics within the cloud industry right now, mostly due to uncertainty and a lack of understanding of how secure the cloud really is. With this in mind, public cloud vendors focus massive effort and resources on security, resulting in additional levels of security at all layers within their cloud architecture.
This made way for the development of the AWS Web Application Firewall (WAF) service, which was launched at re:Invent in October 2015.
This course looks at all the elements of AWS Web Application Firewall, from a beginner's introduction to what the service is and when to use it within your environment, to how it can be used in conjunction with other services like AWS CloudWatch and AWS Lambda to help automate your security.
If you have thoughts or suggestions for this course, please contact Cloud Academy at firstname.lastname@example.org.
Hello and welcome to the final lecture of this course.
As you can see, AWS WAF is a fairly simple service to implement, where the back end infrastructure is managed by AWS with regards to scaling and deployment.
If you are looking to secure your web application traffic, then this offers a great solution. All you need to have in place are your CloudFront distributions and an understanding of the kind of traffic you would like to monitor and filter, and which of that traffic should be allowed, blocked, or counted. It's also a great service to help you comply with specific security controls, such as PCI DSS, which WAF supports.
The service itself is comprised of conditions, rules, and web ACLs (Access Control Lists), and these web ACLs are then applied to your CloudFront distributions. Any requests that are destined for your CloudFront distribution are then checked and verified by your web ACL first.
This helps to prevent some of the common attacks that are experienced with web infrastructure, such as SQL injection, Cross-Site Scripting, and Distributed Denial of Service (DDoS) attacks, which can ultimately save you from having your data stolen, your sites brought down, and damage to your company's reputation.
From the WAF demonstration, you also learned where to find the WAF service, how to set up a condition and any corresponding filters, how to configure a rule, how to configure a web ACL, and how to associate web ACLs to your CloudFront distributions.
When configuring WAF, we do need to be aware of some of the limitations of the service, such as the number of conditions, rules, and web ACLs allowed. You also learned which of the WAF services you can request an increased limit against.
Once your WAF service is configured, you can then start to monitor the service via CloudWatch using three default metrics: AllowedRequests, BlockedRequests, and CountedRequests.
CloudWatch allows you to monitor the effectiveness of your web ACLs.
With the emerging growth within the serverless field of cloud computing, where a lot relies on automation, we also covered how AWS WAF supports integration with other services, such as AWS Lambda, to allow automatic updates to the WAF rules, depending on incoming requests. This adds a new dimension to securing the infrastructure, based on dynamic walls within your web ACLs helping to prevent unauthorized access.
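A sketch of the decision step such a Lambda function could run, added here as an example and not taken from the course: it turns a batch of request log lines into an `Updates` list in the shape the WAF Classic UpdateIPSet call accepts. The simplified log format, the threshold and the exemption list are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample: "<client-ip> <http-status> <uri>" per request (simplified format).
SAMPLE_LOG = """\
198.51.100.7 200 /index.html
198.51.100.7 404 /favicon.ico
203.0.113.9 404 /admin.php
203.0.113.9 404 /wp-login.php
203.0.113.9 403 /.env
2001:db8::5 404 /a
2001:db8::5 404 /b
2001:db8::5 404 /c
192.0.2.10 404 /x
192.0.2.10 404 /y
192.0.2.10 404 /z
not-an-ip 404 /junk
"""

THRESHOLD = 3                 # assumed: 4xx responses per batch before an address is blocked
NEVER_BLOCK = {"192.0.2.10"}  # assumed: monitoring probe that must never be blocked

def count_client_errors(log_text):
    """Count 4xx responses per syntactically valid client address."""
    errors = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not parts[1].isdigit():
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # never pass unparsed log text into a block list
        if 400 <= int(parts[1]) < 500:
            errors[addr] += 1
    return errors

def build_ip_set_updates(log_text, already_blocked=frozenset()):
    """Return INSERT entries for new addresses at or over THRESHOLD."""
    updates = []
    for addr, hits in sorted(count_client_errors(log_text).items(), key=lambda kv: str(kv[0])):
        cidr = f"{addr}/{addr.max_prefixlen}"  # single host: /32 or /128
        if hits < THRESHOLD or str(addr) in NEVER_BLOCK or cidr in already_blocked:
            continue
        updates.append({"Action": "INSERT",
                        "IPSetDescriptor": {"Type": f"IPV{addr.version}", "Value": cidr}})
    return updates
```

In a deployed function the returned list would be passed as the `Updates` argument of the UpdateIPSet call, together with a fresh change token; an empty list means no call is needed.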
Finally, you learned how pricing was determined, which, as we saw, is a very simple model, regardless of regions. However, we must remember that these costs are in addition to your AWS CloudFront costs.
We have now come to the end of this course, and I would like to thank you for taking the time to view these lectures, and I hope it provided a good understanding of the AWS WAF service. If you do have any comments, positive or negative, I would very much appreciate it if you passed on your thoughts within the comment section of the course landing page. Thank you.
About the Author
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data centre and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 50+ courses relating to Cloud, most within the AWS category with a heavy focus on security and compliance.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.