In this final lecture, I want to summarize the key points from the previous lectures of this course. I started by providing an overview of AWS WAF, and in this lecture we'd cover the following points. The AWS Web Application Firewall is a service that helps to prevent websites and web applications from being maliciously attacked by common web attack patterns.

AWS WAF supports resources, including Amazon API Gateway REST APIs, CloudFront Distributions, Application Load Balancers and AWS AppSync GraphQL APIs. And there's currently two versions of AWS WAF. We have AWS WAF Classic and AWS WAF, sometimes referred to as new AWS WAF. And you should only use AWS WAF Classic if you created AWS WAF resources prior to November, 2019.

WAF filters both HTTP and HTTPS requests by distinguishing between legitimate and harmful inbound requests. And the service is composed of Web ACLs, rules and rule groups. So Web ACLs is the main building block of the AWS WAF service and it's associated with supportive resources, it contains rules and it has a default action that can be applied of allow or block.

Rules, these contain statements and actions which focus on specific criteria that the web request will be inspected against, and they can have actions of allow, block or count. And then we have rule groups, which is a collection of rules that you can apply to different Web ACLs. And AWS WAF also comes pre-configured with a number of AWS manageable groups as well.

Then next I focused my attention on the creation of rules and rule groups. And during this lecture, we learnt that rules are used to define inspection criteria that would determine if the web traffic will be allowed or blocked. And you can use management groups or create your own rules and rule groups in a Web ACL. And managed rule groups have pre-defined rules that have already been created by AWS and other AWS marketplace sellers for you to use. And they are tried and tested and they have been designed to help protect against a specific type of vulnerability or risk.

Now for each web ACL, there's a limit of 1500 capacity units, known as WCUs, and WCU values and applied to rules and rule groups. The more intricate the rule is from an inspection perspective, the more WCUs will be consumed. And when creating a rule group, you must stipulate an immutable capacity at the time of its creation. With custom rules, they can have a rule type of IP set, rule builder or rule groups. IP set allows you to configure the rule criteria based on either the source IP address or the IP address in the header. The rule builder allows you to create your rules with the rule visual editor or the rule JSON editor.

By nesting statements, you can implement logic within your rules that allow you to use arguments such as and, or and not. And the different between a rate-based rule and a regular rule is that rate-based rules count the number of requests that are being received based on source IP address or the IP address in the header over a time period of five minutes.

Regular rules are effectively if/then statements. Rule groups allow you to group a set of rules together to be associated with one or more Web ACLs, and you must specify the maximum capacity WCUs during the creation of a new rule group, and rule priorities determine the order that rules are executed.

In the final lecture, I provided a demonstration that showed you how to create an IP set, a rule group and its associated rules and a Web ACL that is associated with a CloudFront distribution.

That has now brought me to the end of this lecture and to the end of this course. You should now have a greater understanding of AWS WAF, what's it's used for, its core components and how to create and configure a web ACL to help you mitigate against vulnerabilities and threats towards your web application infrastructure and resources. If you have any feedback on this course, positive or negative, please contact us by sending an email to support@cloudacademy.com. Your feedback is greatly appreciated. Thank you for your time and good luck with your continued learning of Cloud computing. Thank you.