Automatically deploy a single web access control list that filters web-based attacks with Security Automations on AWS WAF

Publication date: September 2016 (last update: December 2024)

The Security Automations for AWS WAF solution deploys a set of preconfigured rules to help you protect your applications from common web exploits. This solution’s core service, AWS WAF, helps protect web applications from attack techniques that can affect application availability, compromise security, or consume excessive resources. You can use AWS WAF to define customizable web security rules. These rules control which traffic to allow or block to web applications and application programming interfaces (APIs) deployed on AWS resources such as Amazon CloudFront, Application Load Balancer (ALB), and Amazon API Gateway. For more supported resource types, see AWS WAF in the AWS WAF, AWS Firewall Manager, and AWS Shield Advanced Developer Guide.

Configuring AWS WAF rules can be challenging and burdensome to large and small organizations alike, especially for those who don’t have dedicated security teams. To simplify this process, the Security Automations for AWS WAF solution automatically deploys a single web access control list (ACL) with a set of AWS WAF rules designed to filter common web-based attacks. During initial configuration of this solution’s AWS CloudFormation template, you can specify which protective features to include. After you deploy this solution, AWS WAF inspects web requests to their existing CloudFront distribution(s) or ALB(s), and blocks them when applicable.

A CloudFormation template deploys a web ACL with AWS WAF filering rules.

Configuration of the AWS WAF web ACL

This implementation guide discusses architectural considerations, configuration steps, and operational best practices for deploying this solution in the Amazon Web Services (AWS) Cloud. It includes links to CloudFormation templates that launch, configure, and run the AWS security, compute, storage, and other services required to deploy this solution on AWS, using AWS best practices for security and availability.

The information in this guide assumes working knowledge of AWS services such as AWS WAF, CloudFront, ALBs, and AWS Lambda. It also requires basic knowledge of common web-based attacks and mitigation strategies.

Note

As of version 3.0.0, this solution supports the latest version of the AWS WAF service API (AWS WAFV2).

This guide is intended for IT managers, security engineers, DevOps engineers, developers, solutions architects, and website administrators.

Note

We recommend using this solution as a starting point for implementing AWS WAF rules. You can customize the source code, add new custom rules, and leverage more AWS WAF managed rules based on your needs.

Use this navigation table to quickly find answers to these questions:

If you want to . . .	Read . . .
Know the cost for running this solution. The total cost for running this solution depends on the protection activated and the amount of data ingested, stored, and processed.	Cost
Understand the security considerations for this solution.	Security
Know which AWS Regions are supported for this solution.	Supported AWS Regions
View or download the CloudFormation template included in this solution to automatically deploy the infrastructure resources (the “stack”) for this solution.	AWS CloudFormation template
Use AWS Support to help you deploy, use, or troubleshoot the solution.	AWS Support
Access the source code and optionally use the AWS Cloud Development Kit (AWS CDK) to deploy the solution	GitHub repository

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Features and benefits