AWS WAF & Shield & Firewall Mana
AWS Web Application Firewall (WAF)
AWS WAF is a cloud firewall that uses various security rules to protect web applications running on AWS.
AWS WAF was designed to be used with EC2, CloudFront, Application Load Balancer, and API Gateway.
Charge based on the number of access control lists (Web ACLs) that you create, the number of rules you have for each web ACL, and the number of web requests you receive.
AWS WAF can be used in the following conditions:
- Block request from malicious IPs.
- Prevent SQL injection attacks by using SQL injection match conditions
- Prevent cross-site scripting attacks (XSS attacks) by cross-site scripting match conditions.
- Prevent brute force HTTP flood attacks by create a rate-based rule
AWS Shield
AWS Shield is a single-purpose, managed Distributed Denial of Service (DDoS) protection tool for your AWS-based applications.
AWS Shield monitors all incoming traffic and mitigates attacks if malicious activity is detected.
Can be used with Classic / Application Load Balancers, Amazon CloudFront distributions, Amazon Route 53 hosting zones, Elastic IPs, AWS Global Accelerator accelerators.
Two different service tiers:
- AWS Shield Standard
- Typically protects against common network and transport layer (layers 3 and 4) DDoS attacks that target your business applications and websites.
- Completely free
- You can’t see an attack history, and you don’t receive any notification or report describing the attack.
- AWS Shield Advanced.
- Protects all resources running on EC2 backup, CloudFront, ELB, Route53, etc.
- Detects any attacks against application layers (layer 7).
AWS Firewall Manager
AWS Firewall Manager is a service that provides a centralized place for configuring and managing firewall rules and security policies as well as for enforcing them across all applications and accounts within your AWS Organization.
You can config both your WAF and your AWS Shield with AWS Firewall Manager. It can also be used to handle security group.
you will be charged for all the resources being managed, like firewall rules or web ACLs.
AWS Guard Duty
Amazon GuardDuty is an active intruder detection system which constantly monitors suspected configuration changes and anomalies in your AWS account and notifies relevant parties for further actions. It works as an antivirus for the whole AWS account, monitoring for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise.
