
AWS Shield and WAF Overview

1. Introduction

AWS Shield and AWS Web Application Firewall (WAF) are essential security services offered by Amazon Web Services (AWS) to protect applications from various online threats, including DDoS attacks and web application vulnerabilities.

2. AWS Shield

AWS Shield Overview

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides two tiers of protection:

  • Shield Standard: Basic DDoS protection for all AWS customers at no additional charge.
  • Shield Advanced: Enhanced DDoS protection with additional features like real-time metrics, detailed reports, and 24/7 access to the AWS DDoS Response Team (DRT).

Key Features of AWS Shield

  • Automatic attack detection and mitigation.
  • Integration with AWS services such as Elastic Load Balancing and Amazon CloudFront.
  • Cost protection against scaling charges during DDoS attacks when using Shield Advanced.

3. AWS WAF

AWS WAF Overview

AWS Web Application Firewall (WAF) is a security service that helps protect web applications from common web exploits. It allows you to create custom rules to filter out malicious traffic.

Key Features of AWS WAF

  • Customizable rules to allow or block traffic based on specific conditions.
  • Integration with AWS Shield for enhanced protection against DDoS attacks.
  • Real-time visibility into web traffic and attack patterns.

Example: Creating a WAF Rule


# Assumes AWS CLI v2. SearchString is a blob field, so --cli-binary-format lets it be passed as plain text.
aws wafv2 create-web-acl --name "MyWebACL" --scope REGIONAL --cli-binary-format raw-in-base64-out \
  --default-action Allow={} --description "Web ACL for my application" \
  --rules '[{"Name":"BlockBadBots","Priority":0,"Statement":{"ByteMatchStatement":{"SearchString":"BadBot","FieldToMatch":{"UriPath":{}},"TextTransformations":[{"Priority":0,"Type":"NONE"}],"PositionalConstraint":"CONTAINS"}},"Action":{"Block":{}},"VisibilityConfig":{"SampledRequestsEnabled":true,"CloudWatchMetricsEnabled":true,"MetricName":"BlockBadBots"}}]' \
  --visibility-config '{"SampledRequestsEnabled":true,"CloudWatchMetricsEnabled":true,"MetricName":"MyWebACL"}'


4. Best Practices

To effectively utilize AWS Shield and WAF, consider the following best practices:

  • Enable AWS Shield Advanced for critical applications to access enhanced DDoS protection.
  • Regularly review and update WAF rules to adapt to new threats.
  • Use AWS CloudTrail to monitor API calls that create, modify, or delete your WAF rules.
  • Use the CloudWatch metrics emitted by each rule's VisibilityConfig to monitor traffic and set alarms on unusual patterns.

5. FAQ

What is the difference between AWS Shield Standard and Advanced?

AWS Shield Standard provides automatic protection against common DDoS attacks at no extra cost, while Shield Advanced offers more sophisticated protection, including DDoS cost protection and access to the AWS DDoS Response Team.

How do AWS WAF rules work?

AWS WAF rules allow you to create condition-based filters that can allow or block web traffic based on the defined criteria, such as IP addresses, HTTP headers, or query string parameters.
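
As an added example (not part of the original tutorial), the following Python models how a web ACL like the one created in the example above evaluates a request: rules run in ascending Priority, text transformations are applied to the inspected component before the ByteMatchStatement comparison, and the default action applies when no rule matches. The web ACL, request dicts and helper functions are constructed for illustration; this is a simplified local model, not the AWS engine, and it supports only a subset of field types, transformations and positional constraints.

```python
"""Local model of AWS WAFv2 web ACL evaluation (added example, not AWS code).
Rules run in ascending Priority; ByteMatchStatement applies TextTransformations
to the request component (never to SearchString), then PositionalConstraint."""
from urllib.parse import unquote

# Constructed web ACL in the shape of the page's --rules argument. SearchString
# is lowercase because LOWERCASE transforms the request, not the needle.
WEB_ACL = {
    "DefaultAction": {"Allow": {}},
    "Rules": [
        {"Name": "BlockBadBots", "Priority": 0, "Action": {"Block": {}},
         "Statement": {"ByteMatchStatement": {
             "SearchString": "badbot", "PositionalConstraint": "CONTAINS",
             "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
             "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}},
        {"Name": "BlockAdminPath", "Priority": 1, "Action": {"Block": {}},
         "Statement": {"ByteMatchStatement": {
             "SearchString": "/admin", "PositionalConstraint": "STARTS_WITH",
             "FieldToMatch": {"UriPath": {}},
             "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"},
                                     {"Priority": 1, "Type": "LOWERCASE"}]}}},
    ],
}

_TRANSFORMS = {"NONE": lambda v: v, "LOWERCASE": str.lower, "URL_DECODE": unquote}

def _inspected(request, field):  # select the component named by FieldToMatch
    if "UriPath" in field:
        return request["uri"]
    if "SingleHeader" in field:
        return request["headers"].get(field["SingleHeader"]["Name"].lower(), "")
    raise ValueError(f"unsupported FieldToMatch: {field}")

def _transform(value, transformations):  # apply in Priority order, as WAF does
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        value = _TRANSFORMS[t["Type"]](value)  # KeyError on unsupported type
    return value

def _byte_match(stmt, request):
    hay = _transform(_inspected(request, stmt["FieldToMatch"]), stmt["TextTransformations"])
    needle = stmt["SearchString"]
    return {"EXACTLY": hay == needle, "STARTS_WITH": hay.startswith(needle),
            "ENDS_WITH": hay.endswith(needle), "CONTAINS": needle in hay}[stmt["PositionalConstraint"]]

def evaluate(web_acl, request):
    """Return (action, matching rule name or None); first match terminates."""
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if _byte_match(rule["Statement"]["ByteMatchStatement"], request):
            return next(iter(rule["Action"])), rule["Name"]
    return next(iter(web_acl["DefaultAction"])), None  # no rule matched
```

A request whose User-Agent contains "BADBOT" is blocked only because of the LOWERCASE transformation; with the page's NONE transformation and mixed-case "BadBot" needle it would reach the default action.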

Can I use AWS Shield and WAF together?

Yes, AWS Shield and WAF can be used in conjunction to provide layered security for your applications. Shield protects against DDoS attacks, while WAF safeguards against web exploits.

Flowchart: Integration of AWS Shield and WAF


graph TD;
    A[User Traffic] --> B[AWS Shield];
    B --> C{DDoS Attack?};
    C -->|Yes| D[Mitigate Attack];
    C -->|No| E[AWS WAF];
    E --> F{Web Exploit?};
    F -->|Yes| G[Block Request];
    F -->|No| H[Allow Request];