Protect cloud applications from attacks with the AWS Web Application Firewall (WAF)
// by Matthias Rensing
Hybrid Cloud, IT & Management Consulting, Security & Compliance
Successful use of the Amazon Firewall solution must be planned
Times are uncertain, and it is not only the war in Ukraine that has made clear how security gaps in IT infrastructures can jeopardise the functioning of flows of goods and of production. As early as 2021, nearly 9 out of 10 companies were victims of cyber attacks. For most companies and organisations, IT infrastructure today also means cloud infrastructure. Cloud providers and customers share responsibility for cyber security and compliance. For the security of their applications and data, AWS customers can choose between Amazon's own services and several other firewall providers. Even if the decision is made in favour of the provider's solution, implementation is not trivial and must be well prepared.
Without a web application firewall (WAF), even the cloud is not secure
As a platform for public cloud services, Amazon Web Services (AWS) delivers various offerings such as virtual machines, databases, AI solutions and many other IT services for countless companies worldwide. Amazon operates the data centres and is responsible for the security of this infrastructure - "Security of the Cloud". In a shared security model, on the other hand, cloud customers are responsible for protecting the applications and networks they operate in the cloud and thus the security of their data - "Security in the Cloud".
Incoming and outgoing data streams are where attacks take place, so it is important that customers secure their digital property with a firewall that provides protection suited to each type of application.
A web application firewall (WAF) is generally understood as a security system that monitors data traffic as well as IT systems and their applications and data in the cloud, and protects them dynamically against web attacks. The provider landscape is diverse and often highly specialised. However, AWS also offers its customers a firewall of its own in order to close security gaps in a targeted manner. AWS provides this "Web Application Firewall" (WAF), which, according to the provider, promises security "with just a few clicks".
Implement AWS Web Application Firewall (WAF)
However, as is often the case, the devil is in the detail: choosing the right rules "with just a few clicks" requires extensive knowledge of how the AWS firewall works and of the specific threat patterns. The IT infrastructures to be protected are too individually structured, and the security settings and options that guarantee a company's protection against attacks are too diverse. The best-known security services are GuardDuty for all accounts, Inspector and Macie at VPC level, and WAF and Shield for web applications (see following figure).
The AWS Web Application Firewall (WAF) protects cloud applications by allowing or blocking specific requests. It detects known attack patterns and stops them. It protects web applications and APIs from internet threats and bots that can compromise their availability or security and place excessive load on resources. Security rules that control bot traffic and block attack patterns protect the web application. Custom rules can also be created to filter out specific traffic patterns, e.g. to block access from certain IP addresses or from certain regions from which attacks repeatedly originate.
Preconfigured rule sets managed by AWS are regularly updated as new issues arise.
Depending on the use case, different services are supported for deploying the Web Application Firewall (WAF). AWS WAF can be deployed as part of the CDN (Content Delivery Network) via CloudFront, via the Application Load Balancer to protect web servers, via the API Gateway for REST APIs, and via AWS AppSync for GraphQL APIs.
The advantages of the AWS Web Application Firewall (WAF)
Using Amazon's own firewall has some significant advantages, above all the constant and automatic updating on the customer's behalf.
- Updating AWS WAF rules takes only a few moments, so the security of the customer environment can be updated quickly at any time.
- Through the Firewall Manager integration, rules are centrally managed and applied in all desired applications.
- Under the term "Managed Rules for AWS WAF", customers can select from various rule types and thus address specific problems: for example, the OWASP Top 10 security risks defined by the Open Web Application Security Project, threats specific to content management systems (CMS), or newly emerging common vulnerabilities and exposures (CVEs).
- Every function of the AWS WAF can be configured via the AWS Management Console. This simplifies the work of security administrators and gives the DevOps team the ability to define rules at each stage of the development process, increasing web security during application development.
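The two building blocks the article describes, custom rules that block traffic from certain IP addresses or regions, and AWS managed rule groups for the OWASP-style protections, can be expressed as a single web ACL definition. The following is an added example written for this page; it is not code from the article, from noventum or from AWS. It builds the `Rules` list in the shape that `boto3`'s `wafv2.create_web_acl` expects, checks the two constraints the WAF API enforces (unique priorities, `OverrideAction` rather than `Action` on rule-group statements), and runs a deliberately simplified local model of the evaluation order (ascending `Priority`, first terminating action wins, otherwise the default action) over constructed requests. The IP set ARN, CIDRs, country codes and request samples are constructed placeholders; the managed rule group names `AWSManagedRulesCommonRuleSet` and `AWSManagedRulesKnownBadInputsRuleSet` are real AWS names. Nothing here contacts AWS.

```python
"""Added example: build an AWS WAFv2 web ACL definition and model its rule order.
Not from the article, noventum or AWS; runs fully offline."""
import ipaddress

# Constructed placeholders (not real resources).
BLOCKED_IP_SET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/"
                      "blocked-sources/00000000-EXAMPLE-ID")
BLOCKED_CIDRS = ["198.51.100.0/24", "203.0.113.7/32"]   # contents of that IP set
BLOCKED_COUNTRIES = ["XX", "YY"]                        # constructed country codes


def _vis(metric):
    """VisibilityConfig is mandatory on every rule and on the web ACL itself."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric}


def build_web_acl_rules():
    """Rules list for a web ACL. Custom blocking rules get the lowest Priority so
    they run before the managed groups; managed groups use OverrideAction."""
    return [
        {"Name": "block-known-bad-sources", "Priority": 0,
         "Statement": {"IPSetReferenceStatement": {"ARN": BLOCKED_IP_SET_ARN}},
         "Action": {"Block": {}}, "VisibilityConfig": _vis("BlockKnownBadSources")},
        {"Name": "block-regions", "Priority": 1,
         "Statement": {"GeoMatchStatement": {"CountryCodes": BLOCKED_COUNTRIES}},
         "Action": {"Block": {}}, "VisibilityConfig": _vis("BlockRegions")},
        # OWASP-style core protections; Count first to watch for false positives.
        {"Name": "aws-common-rules", "Priority": 2,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
         "OverrideAction": {"Count": {}}, "VisibilityConfig": _vis("AwsCommon")},
        # Known bad inputs enforced as published by AWS ("None" = no override).
        {"Name": "aws-known-bad-inputs", "Priority": 3,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesKnownBadInputsRuleSet"}},
         "OverrideAction": {"None": {}}, "VisibilityConfig": _vis("AwsKnownBad")},
    ]


def web_acl_request(name="app-web-acl", scope="REGIONAL"):
    """Keyword arguments for wafv2.create_web_acl. REGIONAL covers ALB, API Gateway
    and AppSync; CloudFront distributions need scope CLOUDFRONT in us-east-1."""
    return {"Name": name, "Scope": scope, "DefaultAction": {"Allow": {}},
            "Rules": build_web_acl_rules(), "VisibilityConfig": _vis(name)}


def validate_rules(rules):
    """Return a list of problems the WAF API would reject; empty means OK."""
    problems, seen = [], set()
    for r in rules:
        if r["Priority"] in seen:
            problems.append(f"{r['Name']}: duplicate priority {r['Priority']}")
        seen.add(r["Priority"])
        is_group = any(k in r["Statement"] for k in
                       ("ManagedRuleGroupStatement", "RuleGroupReferenceStatement"))
        if is_group and ("OverrideAction" not in r or "Action" in r):
            problems.append(f"{r['Name']}: rule groups take OverrideAction, not Action")
        if not is_group and "Action" not in r:
            problems.append(f"{r['Name']}: custom rules need an Action")
    return problems


def evaluate(rules, request, ip_set_cidrs):
    """Simplified local model (assumption, not the real WAF engine): rules run in
    ascending Priority; the first matching rule with a terminating Action (Block
    or Allow) decides; managed rule groups are opaque and treated as non-matching;
    otherwise the web ACL default action (Allow) applies."""
    src = ipaddress.ip_address(request["source_ip"])
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        stmt, matched = rule["Statement"], False
        if "IPSetReferenceStatement" in stmt:
            matched = any(src in ipaddress.ip_network(c) for c in ip_set_cidrs)
        elif "GeoMatchStatement" in stmt:
            matched = request["country"] in stmt["GeoMatchStatement"]["CountryCodes"]
        if matched and "Action" in rule:
            action = next(iter(rule["Action"]))
            if action in ("Block", "Allow"):
                return action, rule["Name"]
    return "Allow", "default-action"


# Constructed sample requests: an IP inside the blocked set, a blocked region,
# and an ordinary request that should fall through to the default action.
SAMPLE_REQUESTS = [
    {"source_ip": "198.51.100.42", "country": "DE"},
    {"source_ip": "192.0.2.10", "country": "XX"},
    {"source_ip": "192.0.2.10", "country": "DE"},
]

if __name__ == "__main__":
    rules = build_web_acl_rules()
    print("validation problems:", validate_rules(rules) or "none")
    for req in SAMPLE_REQUESTS:
        print(req, "->", evaluate(rules, req, BLOCKED_CIDRS))
    # To create the web ACL for real: boto3.client("wafv2").create_web_acl(**web_acl_request())
```

Running the managed group in `Count` mode first is the usual rollout pattern: the CloudWatch metric named in `VisibilityConfig` shows what the group would have blocked, and the override is switched to `None` once legitimate traffic is confirmed not to trip it. Geo blocking is coarse, since country codes come from the source IP, so it is best combined with the more specific IP set rule that runs before it.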
noventum Cloud Consulting
For many years, cloud computing has been one of noventum consulting's prominent topics. Certified for all leading providers and experienced through countless cloud projects, we bring proven procedures and the latest state of the art to every cloud project.
noventum consulting GmbH