AWS WAF Cheat Sheet

• AWS WAF is a web application firewall that protects web applications and APIs from common web exploits by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions you define.
• Conditions can include IP addresses, HTTP headers, request body, URI strings, SQL injection attempts, and cross-site scripting (XSS).

Features

Flexible Rule-Based Filtering / Rule Types

• Create rules using conditions based on IPs, headers, body, URI paths, geographic location, and more.
• Detect and block common exploits such as SQL injection (SQLi) and cross-site scripting (XSS).
• JSON body inspection allows validating keys/values for secure API protection.
• Rate-Based Rules: Automatically block or rate-limit IPs exceeding a request threshold within a 5-minute window.
• New rule matching options: ASN match statements, JavaScript fingerprinting (JA4), and custom key aggregation for advanced conditions.
• Bot Control updates: Expanded bot detection categories (Advertising, AI, Content Fetcher, Social Media) and Web Bot Authentication for AI Agents.

Managed Rules

• Pre-configured, automatically updated rulesets from AWS and AWS Marketplace partners.
• AWS Managed Rules updates: Known Bad Inputs, POSIX Operating System rule group updates, Core Rule Set (CRS) updates, and Anti-DDoS managed rule group for ALB protection.

Web ACLs (Access Control Lists)

• Combine multiple rules into a Web ACL.
• Assign actions per rule: allow, block, or count.
• Define a default action for unmatched requests.
• New quota / enhancements: Max Geo match countries per rule (50), Max ALB associations per Web ACL (100).
• Dashboard updates: Top Security Insights tab and simplified onboarding with protection packs.

Visibility and Monitoring

• Real-time metrics in Amazon CloudWatch.
• Full logging with request details: IP, geo-location, URI, User-Agent, Referer, and URI fragments.
• Logging enhancements: Data protection options configurable at Web ACL or logging-only level.
• Integration with WAF Security Automations for auto-deployed rule sets and log analysis via Amazon Athena.

Connectivity / Integration

• Integrates with CloudFront, ALB, API Gateway, and AWS AppSync for global and regional protection.
• New integration: CloudFront flat-rate pricing plan and client-side protections from AWS Marketplace.

Security / Managed Policies

• Blocks or filters malicious traffic using customizable rules.
• Managed rules continuously updated by AWS and security vendors.
• Provides full logging for forensic analysis and investigation.
• Managed policy updates: Expanded permissions for AWSWAFConsoleFullAccess and AWSWAFConsoleReadOnlyAccess covering CloudFront, Amplify, AppSync, Data Firehose, API Gateway, AWS Price List, and Marketplace.

Use Cases

• Protecting web applications from SQL injection, XSS, and common OWASP threats.
• Enforcing API request validation using JSON inspection.
• Rate-limiting abusive or bot-origin traffic.
• Using Managed Rules to automatically mitigate known vulnerabilities.
• Adding custom headers for downstream verification or analytics.
• Automating incident response and traffic filtering using WAF Security Automations.

Security

• Blocks or filters malicious traffic using customizable rules.
• Managed rules continuously updated by AWS and security vendors.
• Provides full logging for forensic analysis and investigation.
• Can be used alongside AWS Shield for DDoS mitigation.
• Supports secure handling of HTTP body and JSON content with size constraints.
• Integrates with CloudFront, ALB, API Gateway, and AWS AppSync for global and regional protection.

AWS WAF Pricing

• AWS WAF charges based on:

  1. Number of Web ACLs you deploy.

  2. Number of rules per Web ACL (managed or custom).

  3. Number of web requests processed monthly.

  Costs vary by region and by traffic volume.

Note: If you are studying for the AWS Certified Security Specialty exam, we highly recommend that you take our AWS Certified Security – Specialty Practice Exams and read our Security Specialty exam study guide.

AWS WAF Cheat Sheet References:

https://docs.aws.amazon.com/waf/latest/developerguide
https://aws.amazon.com/waf/features/
https://aws.amazon.com/waf/pricing/
https://aws.amazon.com/waf/faqs/