Firewall Manager, WAF, Shield

Jump to

• Firewall Manager, WAF
• Shield

Firewall Manager, WAF

AWS WAF supports monitoring HTTP and HTTPS requests that are forwarded to

• CloudFront distribution,
• API Gateway REST API,
• ALB,
• AppSync GraphQL API,
• Cognito user pool, or
• App Runner service

Complex custom AWS WAF JSON rules examples

• https://repost.aws/knowledge-center/waf-create-complex-custom-rules
• NotStatement
  • https://stackoverflow.com/questions/59673364/aws-waf-create-an-acl-and-rule-to-allow-access-to-only-one-country-to-access-the

MTLA

• How to use Amazon Athena queries to analyze AWS WAF logs and provide the visibility needed for threat detection, AWS, 2024-05-22
  • AWS WAF dashboards
  • AWS WAF logging
  • Examples of threat detection analysis using AWS WAF logs and Athena
    • Example 1: Top talkers by different criteria
    • Example 2: Get counts of various bot traffic for a given set of days
    • Example 3: Get counts of labels per IP address
    • Example 4: Top talker with additional details
    • Example 5: Website scraping and attacks
    • Example 6: AWS WAF tokens analysis (activity by IP and token misuse)
    • Example 7: Session tracking – Lifecycle of a client request (client session activity by token)
  • Tips to make Athena queries faster

Useful blog posts

• How to enforce a security baseline for an AWS WAF ACL across your organization using AWS Firewall Manager, AWS, 2024-05-09
• Cost-effective ways for securing your web applications using AWS WAF, AWS, 2023-09-13
• Accelerate and protect your websites using Amazon CloudFront and AWS WAF, AWS, 2023-09-12
• Discover the benefits of AWS WAF advanced rate-based rules, AWS, 2023-09-01
• Using AWS WAF intelligent threat mitigations with cross-origin API access, AWS, 2023-07-13

Other links

• AWS WAF Security Automations - awslabs/aws-waf-security-automations
• https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html
• https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control-example-scope-down-dynamic-content.html
• https://d1.awsstatic.com/whitepapers/guidelines-implementing-aws-waf.pdf
• https://blog.serverworks.co.jp/wafcharm/awsmanagedrulesknownbadInputsruleset-log4jrce

Shield

• AWS Shield Engagement Lambda - https://s3.amazonaws.com/aws-shield-lambda/ShieldEngagementLambda.pdf
• AWS Shield Advanced can protect the following resources:
  • CloudFront Distributions
  • Route53 zones
  • Application Load Balancers
  • Network Load Balancers (Only when the NLB has a public IP which therefore falls under EIP protection - NLBs are not natively supported)
  • Classic Load Balancers
  • EIPs
  • Global Accelerators