Concepts

AWS WAF is a web application firewall service that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your applications by defining customizable web security rules.

Getting Started with AWS WAF

  1. Create a Web ACL:

    A web access control list (ACL) acts as a container for rules that you can apply to one or more AWS resources, such as Amazon CloudFront, Amazon API Gateway, or Application Load Balancer.

    • Open the AWS WAF & Shield console at https://console.aws.amazon.com/waf/
    • Choose “Web ACLs” in the navigation pane.
    • Click “Create web ACL.”
    • Enter a name, region (if necessary), and resource to associate the Web ACL with (e.g., CloudFront distribution).
  2. Add Rules:

    Rules include conditions, such as IP addresses, HTTP headers, HTTP body, or URI strings, defining the web requests that AWS WAF should allow, block, or count.

    • Inside the Web ACL, choose “Add rules” or “Add rule group.”
    • Select “Create rule” and define the rule’s components (filters by IP, size constraints, SQL injection match, etc.).
    • Assign an action to each rule (allow, block, or count).
  3. Deploy the Web ACL:

    After creating rules, you need to add the Web ACL to the resource.

    • Choose the “Rules” tab and review your rule order and actions.
    • Choose “Associations,” then attach the Web ACL to an AWS resource.
    • Save your changes.

AWS WAF Rule Example

Here is a simplified example of an AWS WAF (wafv2) rule definition that blocks requests whose source address is in a referenced IP set. The region, account-id, ipset-name and ipset-id parts of the ARN are placeholders for your own values:

    {
      "Name": "BlockSpecificIP",
      "Priority": 1,
      "Action": {
        "Block": {}
      },
      "Statement": {
        "IPSetReferenceStatement": {
          "ARN": "arn:aws:wafv2:region:account-id:regional/ipset/ipset-name/ipset-id"
        }
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "BlockSpecificIPMetric"
      }
    }
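The following is an added example (not code from the original post or from AWS) that builds the rule above together with a rate-based rule of the kind mentioned under AWS Shield Advanced, assembles them into a web ACL definition shaped like a wafv2 CreateWebACL request, and checks the definition offline for the mistakes that most often make a deployment fail or behave unexpectedly. The IP set ARN and all names are constructed placeholders.

```python
"""Build and sanity-check an AWS WAFv2 web ACL definition offline (no AWS calls)."""
import re

# Constructed placeholder ARN; a real one comes from the IP set you created.
IPSET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/blocklist/"
             "00000000-0000-0000-0000-000000000000")
# Layout of a wafv2 IP set ARN: scope is "regional" (ALB, API Gateway) or "global" (CloudFront).
IPSET_ARN_RE = re.compile(
    r"^arn:aws:wafv2:[a-z0-9-]+:\d{12}:(regional|global)/ipset/[\w-]+/[0-9a-f-]{36}$")
ALLOWED_ACTIONS = {"Allow", "Block", "Count"}

def visibility(metric_name):
    """Every rule, and the web ACL itself, needs a VisibilityConfig."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}

def ip_block_rule(name, priority, ipset_arn):
    """Block requests whose client IP is in the referenced IP set (the rule shown above)."""
    return {"Name": name, "Priority": priority, "Action": {"Block": {}},
            "Statement": {"IPSetReferenceStatement": {"ARN": ipset_arn}},
            "VisibilityConfig": visibility(name)}

def rate_limit_rule(name, priority, limit):
    """Block a client IP once it exceeds `limit` requests in the rule's evaluation window."""
    return {"Name": name, "Priority": priority, "Action": {"Block": {}},
            "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
            "VisibilityConfig": visibility(name)}

def build_web_acl(name, rules, scope="REGIONAL"):
    """Allow by default; rules are evaluated lowest priority number first."""
    return {"Name": name, "Scope": scope, "DefaultAction": {"Allow": {}},
            "Rules": sorted(rules, key=lambda r: r["Priority"]),
            "VisibilityConfig": visibility(name)}

def validate_web_acl(acl):
    """Return a list of problems; an empty list means the definition is consistent."""
    problems = []
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(set(priorities)) != len(priorities):
        problems.append("duplicate rule priorities")
    metrics = [r["VisibilityConfig"]["MetricName"] for r in acl["Rules"]]
    if len(set(metrics)) != len(metrics):
        problems.append("duplicate metric names")
    for r in acl["Rules"]:
        if set(r["Action"]) - ALLOWED_ACTIONS:
            problems.append(f"{r['Name']}: unknown action {sorted(r['Action'])}")
        stmt = r["Statement"]
        if "IPSetReferenceStatement" in stmt and \
                not IPSET_ARN_RE.match(stmt["IPSetReferenceStatement"]["ARN"]):
            problems.append(f"{r['Name']}: malformed IP set ARN")
    return problems
```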

AWS Shield

AWS Shield is a managed DDoS protection service that safeguards applications running on AWS. AWS Shield provides automatic inline mitigation that minimizes application downtime and latency. There are two tiers of AWS Shield – Standard and Advanced.

AWS Shield Standard

AWS Shield Standard is automatically enabled on all AWS accounts at no additional charge. It provides basic protection against the most common and frequently occurring types of DDoS attacks.

  • No configuration is required for AWS Shield Standard.
  • It supports Elastic Load Balancing (ELB), Amazon CloudFront, and Amazon Route 53 resources.

AWS Shield Advanced

  1. Enroll in AWS Shield Advanced:
    • Visit the AWS Management Console.
    • Navigate to AWS Shield.
    • Choose “Get started” with AWS Shield Advanced.
    • Select the resources to protect (e.g., ELB, CloudFront).
  2. Configure AWS Shield Advanced:
    • Create health checks in Amazon Route 53 for your resources.
    • Configure rate-based rules to help mitigate DDoS attacks.
    • Set up DDoS alarms in Amazon CloudWatch.
  3. Use AWS WAF with AWS Shield Advanced:

    For more refined control, integrate AWS WAF with AWS Shield Advanced. The rules in AWS WAF can be managed in conjunction with the AWS Shield Advanced protections.

Comparison of AWS WAF and AWS Shield Features

| Feature | AWS WAF | AWS Shield Standard | AWS Shield Advanced |
|---|---|---|---|
| Protection Scope | Web applications/APIs | AWS services (ELB, Amazon CloudFront, Route 53) | AWS services with detailed attack diagnostics |
| Rule Customization | Highly customizable | Automatic | Automatic + Customizable |
| DDoS Protection | Not a DDoS protection service (focus on web ACLs) | Basic DDoS attack protection | Enhanced DDoS attack protection |
| Pricing | Pay per rule per web ACL | Free | Paid subscription with additional charges for usage |
| Visibility | Detailed request-level inspection | Aggregate attack visibility | Real-time attack visibility and reporting |
| Support | Standard AWS Support | Standard AWS Support | 24×7 access to AWS DDoS Response Team (DRT) |

In conclusion, configuring and managing AWS WAF and AWS Shield are crucial tasks in protecting your AWS environment from web attacks and DDoS threats. Understanding how to effectively implement these services is a key aspect of the AWS Certified SysOps Administrator – Associate exam and is vital for maintaining a secure and resilient AWS infrastructure.

Answer the Questions in Comment Section

True or False: AWS WAF can only be applied to protect Amazon CloudFront distributions.

  • A) True
  • B) False

Answer: B) False

Explanation: AWS WAF can be applied to protect Amazon CloudFront distributions, but it can also be used with Application Load Balancers (ALB), Amazon API Gateway, and AWS AppSync.

AWS Shield provides protection against which of the following types of attacks?

  • A) SQL injection
  • B) DDoS attacks
  • C) Cross-site scripting
  • D) Malware uploads

Answer: B) DDoS attacks

Explanation: AWS Shield is a managed service specifically designed to protect against Distributed Denial of Service (DDoS) attacks.

True or False: AWS Shield Advanced provides additional DDoS protection for services such as Elastic Load Balancing (ELB), Amazon EC2, and Amazon Route 53, along with detailed attack diagnostics.

  • A) True
  • B) False

Answer: A) True

Explanation: AWS Shield Advanced offers expanded DDoS protection for AWS services, including ELB, EC2, and Amazon Route 53, as well as detailed attack diagnostics to understand the nature and impact of the attack.

Which of the following AWS services integrates directly with AWS WAF?

  • A) Amazon S3
  • B) Amazon RDS
  • C) Amazon VPC
  • D) Amazon CloudFront

Answer: D) Amazon CloudFront

Explanation: AWS WAF directly integrates with Amazon CloudFront, allowing you to create custom web ACLs to filter incoming traffic.

True or False: AWS WAF rules can be reused across multiple web applications.

  • A) True
  • B) False

Answer: A) True

Explanation: AWS WAF is designed to be reusable and rules can be applied to multiple web applications.

How does AWS Shield Standard differ from AWS Shield Advanced?

  • A) Shield Standard offers unlimited DDoS protection.
  • B) Shield Advanced provides access to the AWS DDoS Response Team (DRT).
  • C) Shield Standard requires additional charges for every protected resource.
  • D) Shield Advanced only protects Amazon CloudFront distributions.

Answer: B) Shield Advanced provides access to the AWS DDoS Response Team (DRT).

Explanation: AWS Shield Advanced offers additional features compared to Shield Standard, including 24/7 access to the AWS DDoS Response Team (DRT).

True or False: You can combine AWS WAF with AWS Shield for layered security.

  • A) True
  • B) False

Answer: A) True

Explanation: AWS WAF and AWS Shield can be used together for a layered approach to security, providing both application-level and infrastructure-level protection.

Which of the following is a benefit of using AWS WAF?

  • A) Automatic encryption of data at rest and in transit.
  • B) Real-time control of the traffic reaching your applications.
  • C) Automatic patching of web application vulnerabilities.
  • D) Backup and recovery of web application data.

Answer: B) Real-time control of the traffic reaching your applications.

Explanation: AWS WAF provides real-time control and monitoring of the HTTP/HTTPS traffic reaching your applications, allowing you to block or allow traffic based on conditions you specify.

AWS Shield is available in which of the following forms?

  • A) Only as AWS Shield Advanced
  • B) Only as AWS Shield Standard
  • C) As both AWS Shield Standard and AWS Shield Advanced
  • D) AWS Shield is not a standalone service but a feature of AWS WAF

Answer: C) As both AWS Shield Standard and AWS Shield Advanced

Explanation: AWS Shield is available in two levels: AWS Shield Standard, which is automatically included with AWS, and AWS Shield Advanced, which provides enhanced protection and service levels for a fee.

True or False: AWS WAF can inspect both HTTP and HTTPS traffic for potentially malicious content.

  • A) True
  • B) False

Answer: A) True

Explanation: AWS WAF can inspect both HTTP and HTTPS traffic, allowing for the detection of and response to malicious content.

For which of the following services does AWS Shield Standard NOT provide DDoS protection?

  • A) Amazon EC2
  • B) Amazon RDS
  • C) Amazon CloudFront
  • D) Amazon Route 53

Answer: B) Amazon RDS

Explanation: AWS Shield Standard provides DDoS protection for several services including Amazon EC2, Amazon CloudFront, and Amazon Route 53, but not for Amazon RDS.

Karla Larsen
5 months ago

Great post! Can anyone explain the difference between AWS WAF and AWS Shield?

غزل کوتی
7 months ago

Thanks for the detailed explanation. It clarifies things a lot!

Sophia Frazier
7 months ago

I appreciate this blog post. Very informative.

Mélina Lecomte
7 months ago

Could someone elaborate on how to set up AWS WAF for a CloudFront distribution?

Mércia Porto
7 months ago

Thank you! This is exactly what I needed.

Ognjen Perić
6 months ago

Very helpful post. Keep it up!

Donald Porter
7 months ago

I tried using AWS Shield Advanced but found it a bit confusing. Any tips?

Veera Laine
6 months ago

Appreciate the insights. Will try setting those up.
