AWS WAF (or AWS Web Application Firewall) provides a firewall that protects your web applications. WAF can stop common web attacks by reviewing the data being sent to your application and stopping well-known attacks.
- WAF is found under the Security, Identity, & Compliance section on the AWS Management Console.
- WAF can protect web sites not hosted in AWS through Cloud Front.
- You can configure CloudFront to present a custom error page when requests are blocked.
AWS WAF is available under a composite dashboard, WAF & Shield, that combines the following three services:
- AWS WAF: It allows you to protect your web applications from common web exploits by monitoring and controlling the web requests coming to an Amazon API Gateway API, an Amazon CloudFront distribution, or an Application Load Balancer.
- AWS Shield: It provides continuous DDoS attack detection and automatic mitigations. AWS Shield offers two tiers of protection – Standard and Advanced.
- AWS Firewall Manager: It allows you to configure and manage firewall rules across accounts and applications centrally.
Within AWS WAF service, you can create Web access control lists (web ACLs) to monitor HTTP(S) requests for AWS resources. You can protect the following types of resources:
- CloudFront distributions
- Regional resources (Application Load Balancer, API Gateway, AWS AppSync)
While creating a web ACL, you add rules, such as conditions like originating IP addresses, that determines whether to allow/block each request.