What does this Amazon Web Services Solution do?

This solution automatically deploys a set of Amazon WAF (web application firewall) rules that filter common web-based attacks. Users can select from pre-configured protective features that define the rules included in an Amazon WAF web access control list. Once deployed, Amazon WAF protects your Application Load Balancers by inspecting web requests. You can use Amazon WAF to create custom, application-specific rules that block attack patterns to ensure application availability, secure resources, and prevent excessive resource consumption.

Amazon Web Services Solution Overview

The Amazon WAF Security Automations solution provides fine-grained control over the requests attempting to access your web application. At the core of the design is an Amazon WAF web ACL that acts as the central inspection and decision point for all incoming requests. The protective functions you choose to activate determine the custom rules that are added to your web ACL.

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying Amazon CloudFormation template.

Architecture of Amazon WAF Security Automations

Architecture Description

Amazon Managed Rules (A): This set of Amazon managed core rules provides protection against exploitation of a wide range of common application vulnerabilities or other unwanted traffic.

Manual IP lists (B and C): This component creates two specific Amazon WAF rules that allow you to manually insert IP addresses that you want to block or allow.

SQL Injection (D) and XSS (E): The solution configures two native Amazon WAF rules that are designed to protect against common SQL injection or cross-site scripting (XSS) patterns in the URI, query string, or body of a request.

HTTP flood (F): This component helps protect against attacks that consist of a large number of requests from a particular IP address, such as web-layer DDoS attacks or brute-force login attempts. This feature supports thresholds of less than 100 requests within a 5-minute period.

Scanners and Probes (G): This component parses application access logs searching for suspicious behavior, such as an abnormal amount of errors generated by an origin. It then blocks those suspicious source IP addresses for a customer-defined period of time.

IP Reputation Lists (H): This component is the IP Lists Parser Amazon Lambda function, which checks third-party IP reputation lists hourly for new ranges to block.

Bad Bots (I): This component automatically sets up a honeypot, which is a security mechanism intended to lure and deflect an attempted attack.
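The Scanners and Probes (G) logic described above, sketched as an added example that is not the solution's own code: it counts error responses per source IP in a sliding window and keeps offenders blocked for a fixed period. The log format, the 4xx error definition, and the threshold, window and block-period values are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: "<ISO timestamp> <client IP> <status> <path>"
SAMPLE_LOG = """\
2021-06-01T10:00:01 198.51.100.7 404 /admin.php
2021-06-01T10:00:02 192.0.2.44 404 /favicon.ico
2021-06-01T10:00:03 203.0.113.20 200 /index.html
2021-06-01T10:00:05 198.51.100.7 404 /.env
2021-06-01T10:00:09 198.51.100.7 403 /backup.zip
not a log line
2021-06-01T10:00:12 198.51.100.7 404 /phpinfo.php
2021-06-01T10:02:30 192.0.2.44 404 /old-page
2021-06-01T10:05:00 192.0.2.44 403 /private
"""

# Hypothetical tuning values, not the solution's parameter names or defaults.
ERROR_THRESHOLD = 3                   # errors inside WINDOW that mark an IP as suspicious
WINDOW = timedelta(minutes=1)
BLOCK_PERIOD = timedelta(minutes=240) # the "customer-defined period of time"

def find_offenders(log_text, threshold=ERROR_THRESHOLD, window=WINDOW):
    """Return {ip: time of the most recent threshold crossing}."""
    recent = defaultdict(list)  # ip -> error timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        try:
            ts_raw, ip, status_raw, _path = line.split()
            ts, status = datetime.fromisoformat(ts_raw), int(status_raw)
        except ValueError:
            continue  # skip blank or malformed lines instead of failing the run
        if not 400 <= status < 500:   # assumption: only 4xx responses count as errors
            continue
        recent[ip] = [t for t in recent[ip] if ts - t < window] + [ts]
        if len(recent[ip]) >= threshold:
            offenders[ip] = ts        # repeated offences extend the block
    return offenders

def active_blocks(offenders, now, block_period=BLOCK_PERIOD):
    """IPs whose block has not yet expired at time `now`."""
    return sorted(ip for ip, since in offenders.items() if now < since + block_period)

if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG)
    print(active_blocks(found, datetime(2021, 6, 1, 10, 30)))
```

In the sample, 192.0.2.44 also produces three errors, but they are spread over five minutes and never exceed the threshold inside one window, so it is not blocked.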

Amazon WAF Security Automations

Version 1.0.0
Last updated: 06/2021
Author: Amazon Web Services 

Estimated deployment time: 20 min

Features

Reference Implementation

Leverage the Amazon WAF Security Automations solution out of the box, or as a reference implementation for building your own set of WAF rules.

Identifies and blocks cross-site scripting (XSS) attacks

The solution configures two native Amazon WAF rules that are designed to protect against common SQL injection or XSS patterns in the URI, query string, or body of a request.

Log Analysis

When activated, Amazon CloudFormation provisions an Amazon Athena query and a scheduled Amazon Lambda function responsible for orchestrating Athena query execution, processing the result output, and updating Amazon WAF.

Quickly configure WAF rules

The Amazon CloudFormation template automatically launches and configures the Amazon WAF settings and protective features you choose to include during initial deployment.