Posts

Showing posts from July, 2024

Protecting Applications Using AWS WAF

Amazon's Web Application Firewall (WAF) allows for seamless integration with existing AWS resources and easy configuration. It may have its limitations, but it provides many common protections for web applications and can be spun up very quickly. Everything I've included below can be found in Amazon's documentation. However, I've highlighted parts that I found particularly important and left other details out.

AWS WAF Classic vs AWS WAF

If you're still on WAF Classic, you should try to migrate to AWS WAF. The "new" version has been out several years (though rules do not automatically convert and Amazon's conversion tool does not work in all scenarios). There are a number of new capabilities and features, notably managed rules. And if you have version control and infrastructure as code (IaC) implemented widely throughout your environment, rules are now JSON objects. I will leave it at that as I suspect most people are on the current AWS WAF.

Resource