WAF

Priority Tier 4 Domain 1: Design Secure Architectures

AWS WAF (Web Application Firewall) is a Layer 7 security service designed to protect web applications and APIs from common web exploits such as SQL injection and cross-site scripting. It can be deployed in front of Amazon CloudFront distributions, Application Load Balancers (ALBs), or Amazon API Gateway to block malicious traffic. AWS Firewall Manager can centralize the management and enforcement of WAF rule sets across an entire AWS Organization.

Learning Objectives

AWS WAF Fundamentals

AWS WAF provides Layer 7 protection for web applications and APIs.

AWS WAF inspects incoming HTTP and HTTPS requests at Layer 7 (the Application Layer) of the OSI model before they reach the protected resource. Rules are grouped into a web ACL and evaluated in priority order; each rule can allow, block or only count a matching request, and the web ACL's default action applies when no rule terminates evaluation. It is designed to stop common web attacks that could compromise data or make an application unavailable, and it complements rather than replaces input validation in the application itself.
Technical Specs: Operates at Layer 7 (Application Layer); rules live in a web ACL with Allow, Block and Count actions
AWS WAF blocks common attacks such as SQL injection and cross-site scripting (XSS), two of the most prevalent exploits against web application vulnerabilities. Its SQLi and XSS match statements, and the AWS managed rule groups built on them, are pattern-based heuristics: text transformations such as URL decoding and lowercasing are applied to the inspected field before matching, so a rule with no transformation can miss an encoded payload. Rate-based rules block a source IP that exceeds a request threshold within a sliding window, and only the first part of a request body is inspected by default (8 KB for regional resources such as ALBs), so a web ACL should state how oversized bodies are handled.
Technical Specs: Blocks SQL injection, cross-site scripting; also supports rate-based rules and managed rule groups
AWS WAF can be associated with AWS resources that expose web applications or APIs: Amazon CloudFront distributions, Application Load Balancers (ALBs) and Amazon API Gateway REST APIs, as well as AWS AppSync, Amazon Cognito user pools, AWS App Runner and AWS Verified Access. A web ACL for CloudFront uses the CLOUDFRONT scope and must be created in us-east-1; web ACLs for ALBs and API Gateway use the REGIONAL scope in the resource's Region. There is no direct support for Network Load Balancers or EC2 instances, so an application behind a NLB needs a CloudFront distribution or ALB in front of it to use WAF.
Technical Specs: Protects CloudFront distributions (CLOUDFRONT scope, us-east-1), Application Load Balancers and API Gateway REST APIs (REGIONAL scope); no direct support for NLB or EC2
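The following is an added illustration, not code from the original study guide or from AWS: a toy model of how a web ACL evaluates requests, mirroring the documented semantics (rules run in ascending priority order, Block and Allow terminate, Count only records a match, the default action applies otherwise, and text transformations run before a match statement). The SQLi and XSS regexes are deliberately small stand-ins for the real SqliMatch and XssMatch statements, the rate-based rule is a simplified sliding window, and the sample requests and IP addresses are constructed for the demo. It shows a practitioner two things the prose above only states: a SQLi rule without URL_DECODE lets a percent-encoded payload through, and a rule in Count mode never blocks.

```python
"""Toy model of AWS WAF web ACL evaluation (added illustration, not AWS code)."""
import html
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import unquote_plus


@dataclass
class Request:
    ip: str
    uri_path: str
    query_string: str = ""
    body: str = ""
    ts: float = 0.0          # seconds; only the rate-based rule uses it


# TextTransformations are applied in order before a match statement inspects
# the field. Without URL_DECODE, "%27%20OR%201%3D1" never matches a plain pattern.
TRANSFORMS: dict[str, Callable[[str], str]] = {
    "NONE": lambda s: s,
    "URL_DECODE": unquote_plus,
    "HTML_ENTITY_DECODE": html.unescape,
    "LOWERCASE": str.lower,
}

# Deliberately small heuristics standing in for SqliMatch / XssMatch statements.
SQLI_RE = re.compile(
    r"""['"]\s*(or|and)\s+[\w'"]+\s*=\s*[\w'"]+|union\s+select|;\s*drop\s+table""", re.I)
XSS_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I)


@dataclass
class Rule:
    name: str
    priority: int
    action: str                         # "BLOCK", "ALLOW" or "COUNT"
    field: str = "query_string"         # "uri_path", "query_string" or "body"
    transforms: tuple = ("NONE",)
    pattern: Optional[re.Pattern] = None
    rate_limit: Optional[int] = None    # set to make this a rate-based rule
    window: float = 300.0               # seconds; WAF's default window is 5 minutes


class WebACL:
    def __init__(self, rules, default_action="ALLOW"):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.default_action = default_action
        self._hits = defaultdict(deque)  # (rule name, ip) -> request timestamps

    def _matches(self, rule, req):
        if rule.rate_limit is not None:          # simplified sliding window per IP
            q = self._hits[(rule.name, req.ip)]
            q.append(req.ts)
            while q and req.ts - q[0] > rule.window:
                q.popleft()
            return len(q) > rule.rate_limit
        text = getattr(req, rule.field)
        for name in rule.transforms:
            text = TRANSFORMS[name](text)
        return rule.pattern.search(text) is not None

    def evaluate(self, req):
        """Return (action, rule_name, counted_rule_names) for one request."""
        counted = []
        for rule in self.rules:                  # lowest priority number first
            if not self._matches(rule, req):
                continue
            if rule.action == "COUNT":           # non-terminating: log and move on
                counted.append(rule.name)
                continue
            return rule.action, rule.name, counted
        return self.default_action, "default", counted


def build_acl(url_decode=True):
    """Baseline ACL; url_decode=False is the weak variant with no transformation."""
    sqli_tf = ("URL_DECODE", "LOWERCASE") if url_decode else ("NONE",)
    return WebACL([
        Rule("rate-limit", 0, "BLOCK", rate_limit=5),   # first, so it sees every request
        Rule("sqli-query", 10, "BLOCK", "query_string", sqli_tf, SQLI_RE),
        Rule("xss-body", 20, "BLOCK", "body", ("HTML_ENTITY_DECODE", "LOWERCASE"), XSS_RE),
        # A new rule rolled out in Count mode: logged, never blocks, until
        # its false-positive rate has been checked in the WAF logs.
        Rule("admin-staged", 30, "COUNT", "uri_path", ("LOWERCASE",), re.compile(r"^/admin")),
    ])


def demo():
    """Constructed sample traffic; returns {label: (action, rule_name)}."""
    acl, weak = build_acl(), build_acl(url_decode=False)
    sqli = Request("203.0.113.7", "/login", query_string="user=%27%20OR%201%3D1")
    xss = Request("203.0.113.8", "/comment", body="&lt;script&gt;alert(1)&lt;/script&gt;")
    admin = Request("203.0.113.9", "/Admin/users")
    out = {
        "benign": acl.evaluate(Request("203.0.113.5", "/search", "q=shoes"))[:2],
        "sqli_encoded": acl.evaluate(sqli)[:2],
        "sqli_no_url_decode": weak.evaluate(sqli)[:2],   # slips past the weak rule
        "xss_entity_encoded": acl.evaluate(xss)[:2],
        "count_only": acl.evaluate(admin)[:2],
        "count_only_logged": tuple(acl.evaluate(admin)[2]),
    }
    burst = [acl.evaluate(Request("198.51.100.4", "/", ts=float(i)))[:2] for i in range(6)]
    out["burst_5th"], out["burst_6th"] = burst[4], burst[5]
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:22s} {result}")
```

Real WAF evaluates rate-based rules on a delay rather than per request, and the managed rule groups use far richer signatures than the two regexes here, but the ordering, the terminating versus counting behaviour and the dependence on text transformations are the same.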

AWS Firewall Manager and WAF Integration

AWS Firewall Manager extends WAF capabilities for centralized governance.

AWS Firewall Manager is a centralized service for configuring and managing firewall rules across multiple AWS accounts and Virtual Private Clouds (VPCs). It requires AWS Organizations, a designated Firewall Manager administrator account, and AWS Config enabled in the member accounts. A Firewall Manager WAF policy defines a baseline web ACL (for example, a set of AWS managed rule groups), the resource types it covers and the organizational units it applies to; Firewall Manager then creates and associates that web ACL in every in-scope account, including accounts and resources added later, and can automatically remediate resources that drift out of compliance. The same service also manages AWS Shield Advanced protections, VPC security groups, AWS Network Firewall and Route 53 Resolver DNS Firewall policies, which is why it is the usual answer when a question asks how to enforce a standard WAF rule set across an entire AWS Organization.
Technical Specs: Centralized management of firewall rules across multiple AWS accounts and VPCs; enforces WAF rule sets across an AWS Organization; requires AWS Organizations, a Firewall Manager administrator account and AWS Config.

Glossary

AWS WAF
AWS Web Application Firewall is a service that protects web applications at Layer 7 (Application Layer) from common web exploits like SQL injection and cross-site scripting.
AWS Firewall Manager
A centralized tool for configuring and managing firewall rules across multiple AWS accounts and VPCs, capable of enforcing standard WAF rule sets across an AWS Organization.
SQL injection
A common web attack that AWS WAF blocks, where attacker-controlled input is concatenated into a database query so that it changes the query's logic, for example to bypass a login check or read other users' data.
Cross-site scripting (XSS)
A common web attack that AWS WAF blocks, where attacker-supplied script is injected into a page served by a trusted site and executed in other users' browsers, typically to steal session tokens or act on the victim's behalf.
