
WAF, Shield and Firewall Manager


Shield Standard - free, enabled by default

Protects against layer 3/4 attacks (SYN/UDP floods) - CloudFront, Route 53

Shield Advanced - premium tier with 24/7 support

EC2, ELB, Global Accelerator - fixed price ($3k), with cost protection for auto scaling during an attack

AWS WAF: filter specific traffic based on rules

Layer 7 (HTTP / WebSocket) - API Gateway, CloudFront, ALB

Define a Web ACL; can set geo-restrictions and rate-based rules

rules can: allow / block / count / CAPTCHA - managed rules from AWS or the Marketplace

Rule types:

Logging

CloudWatch Logs (5 MB per second) or S3 (5 minute interval) or Kinesis Data Firehose (per quotas)

Enhanced CloudFront origin security

create a custom HTTP header between CloudFront and the ALB, so requests that bypass CloudFront and hit the ALB directly are rejected - use Secrets Manager + Lambda to rotate the header value
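Added example (not from these notes): builds the WAFv2 rule, in the shape the wafv2 API expects, that blocks any request at the ALB whose origin header does not carry the current or previous secret (accepting both avoids dropping traffic mid-rotation), and checks it locally against sample requests. The header name and secret values are constructed placeholders.

```python
"""Added example: WAFv2 origin-header rule plus a local evaluator for it.
Header name and secret values are constructed placeholders."""
from typing import Dict

HEADER = "x-origin-verify"  # assumed name of the custom header CloudFront adds


def origin_header_rule(current: str, previous: str) -> Dict:
    """WAFv2 rule that blocks requests unless the header equals the AWSCURRENT
    or AWSPREVIOUS secret value; matching both keeps rotation seamless."""
    def match(value: str) -> Dict:
        return {"ByteMatchStatement": {
            "SearchString": value.encode(),
            "FieldToMatch": {"SingleHeader": {"Name": HEADER}},
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            "PositionalConstraint": "EXACTLY"}}
    return {"Name": "VerifyOriginHeader", "Priority": 0, "Action": {"Block": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": "VerifyOriginHeader"},
            "Statement": {"NotStatement": {"Statement": {
                "OrStatement": {"Statements": [match(current), match(previous)]}}}}}


def evaluate(statement: Dict, headers: Dict[str, str]) -> bool:
    """Local interpreter for the subset of WAFv2 statements used above."""
    if "NotStatement" in statement:
        return not evaluate(statement["NotStatement"]["Statement"], headers)
    if "OrStatement" in statement:
        return any(evaluate(s, headers) for s in statement["OrStatement"]["Statements"])
    bm = statement["ByteMatchStatement"]
    name = bm["FieldToMatch"]["SingleHeader"]["Name"].lower()  # header names are case-insensitive
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(name, "").encode() == bm["SearchString"]


def decide(rule: Dict, headers: Dict[str, str]) -> str:
    """'BLOCK' if the rule matches; 'PASS' means it falls through to the next
    rule / the Web ACL default action."""
    matched = evaluate(rule["Statement"], headers)
    return next(iter(rule["Action"])).upper() if matched else "PASS"


if __name__ == "__main__":
    rule = origin_header_rule("s3cr3t-current", "s3cr3t-previous")  # constructed
    print(decide(rule, {"X-Origin-Verify": "s3cr3t-current"}))   # PASS (via CloudFront)
    print(decide(rule, {"X-Origin-Verify": "s3cr3t-previous"}))  # PASS (mid-rotation)
    print(decide(rule, {"Host": "alb.example.invalid"}))         # BLOCK (direct to ALB)
```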

AWS Firewall Manager

Manage all rules across all accounts of an AWS Organization

can set a security policy (WAF / Shield Advanced / security groups / Network Firewall / Route 53 Resolver DNS Firewall)

policies are at the regional level - rules are automatically applied to matching resources

💡 use WAF to configure a single resource - use Firewall Manager to automate the process across accounts

To block an IP address:

can deny it in the NACL, or allow only a trusted range in the security group at the ALB / EC2 level (or both)

for an NLB (no security group) - block at the VPC NACL

can add WAF in front of the ALB or CloudFront for more specific rules (e.g. IP set, rate-based)