
How do I protect my web applications from common web threats using AWS WAF?

Introduction

This guide shows how to set up AWS Web Application Firewall (WAF) to protect your web applications from common web threats such as SQL injection and Cross-Site Scripting (XSS) attacks. We use infrastructure as code (Pulumi with TypeScript) to define a WAF Web ACL, attach an AWS managed rule group to it, and associate the Web ACL with a CloudFront distribution that fronts the application.

Key Points

  • AWS WAF: A web application firewall that helps protect your web applications or APIs from common web exploits.
  • Web ACL (Access Control List): Defines the rules to inspect and block, allow, or monitor (count) web requests to your web application.
  • Rules: Define the conditions and actions to take when a web request matches certain criteria.

Below is the complete example code:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// A Web ACL that is attached to a CloudFront distribution must use the
// CLOUDFRONT scope and must be created in us-east-1, whatever the stack's
// default region is, so the WAF resource gets an explicit us-east-1 provider.
const usEast1 = new aws.Provider("us-east-1", { region: "us-east-1" });

// Define the AWS WAF Web ACL
const example = new aws.wafv2.WebAcl("example", {
    name: "example",
    scope: "CLOUDFRONT",
    description: "Web ACL to protect my web application",
    // Requests that match no rule are allowed; the managed rules decide what to block.
    defaultAction: {
        allow: {},
    },
    visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: "web-acl",
        sampledRequestsEnabled: true,
    },
    rules: [{
        name: "AWS-AWSManagedRulesCommonRuleSet",
        priority: 1,
        // none = keep the rule group's own actions (block on match).
        // Use count: {} instead to observe matches without blocking while tuning.
        overrideAction: {
            none: {},
        },
        statement: {
            managedRuleGroupStatement: {
                name: "AWSManagedRulesCommonRuleSet",
                vendorName: "AWS",
            },
        },
        visibilityConfig: {
            cloudwatchMetricsEnabled: true,
            metricName: "AWSManagedRulesCommonRuleSet",
            sampledRequestsEnabled: true,
        },
    }],
}, { provider: usEast1 });

// Example CloudFront distribution to illustrate WAF usage
const exampleDistribution = new aws.cloudfront.Distribution("example", {
    origins: [{
        domainName: "example.com",
        originId: "example",
        // example.com is not an S3 bucket, so it needs a custom origin config;
        // talk to the origin over HTTPS only.
        customOriginConfig: {
            httpPort: 80,
            httpsPort: 443,
            originProtocolPolicy: "https-only",
            originSslProtocols: ["TLSv1.2"],
        },
    }],
    // For WAFv2 the distribution references the Web ACL by ARN.
    webAclId: example.arn,
    enabled: true,
    defaultCacheBehavior: {
        allowedMethods: [
            "GET",
            "HEAD",
        ],
        cachedMethods: [
            "GET",
            "HEAD",
        ],
        targetOriginId: "example",
        viewerProtocolPolicy: "redirect-to-https",
        // A cache behavior needs either forwardedValues or a cache policy.
        forwardedValues: {
            queryString: false,
            cookies: { forward: "none" },
        },
    },
    restrictions: {
        geoRestriction: {
            restrictionType: "none",
        },
    },
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
});

export const webAclArn = example.arn;
export const cloudfrontDistributionId = exampleDistribution.id;
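The `rules` array above is the part of the Web ACL that gets edited most often, and a common rollout practice is to stage a new managed rule group in count mode before letting it block. The following added example (not code from the original page or from Pulumi) is plain TypeScript with no Pulumi dependency: `buildManagedRules` produces the `rules` input in the same shape the Web ACL above uses, and `validateWebAcl` performs the pre-deploy checks a reviewer would want. The rule group names are real AWS managed groups; the function and type names are this example's own.

```typescript
// Added example: generate and sanity-check the `rules` input of an aws.wafv2.WebAcl.
type Mode = "block" | "count";

interface ManagedGroup {
    name: string;       // e.g. "AWSManagedRulesCommonRuleSet"
    vendorName: string; // "AWS" for AWS-managed rule groups
    mode: Mode;         // "count": observe matches only; "block": enforce the group's actions
}

// Subset of the WebAcl.rules entry shape used on this page.
interface WebAclRule {
    name: string;
    priority: number;
    overrideAction: { none: {} } | { count: {} };
    statement: { managedRuleGroupStatement: { name: string; vendorName: string } };
    visibilityConfig: { cloudwatchMetricsEnabled: boolean; metricName: string; sampledRequestsEnabled: boolean };
}

// Priorities are assigned from the list order (1, 2, ...); lower runs first and must be unique.
function buildManagedRules(groups: ManagedGroup[]): WebAclRule[] {
    const seen = new Set<string>();
    return groups.map((g, i) => {
        if (seen.has(g.name)) throw new Error(`rule group listed twice: ${g.name}`);
        seen.add(g.name);
        const overrideAction: WebAclRule["overrideAction"] = g.mode === "count" ? { count: {} } : { none: {} };
        return {
            name: `${g.vendorName}-${g.name}`,
            priority: i + 1,
            overrideAction,
            statement: { managedRuleGroupStatement: { name: g.name, vendorName: g.vendorName } },
            visibilityConfig: { cloudwatchMetricsEnabled: true, metricName: g.name, sampledRequestsEnabled: true },
        };
    });
}

// Returns a list of problems; an empty list means the ACL is safe to deploy.
function validateWebAcl(scope: "REGIONAL" | "CLOUDFRONT", region: string, rules: WebAclRule[]): string[] {
    const problems: string[] = [];
    if (scope === "CLOUDFRONT" && region !== "us-east-1") problems.push("CLOUDFRONT-scoped Web ACLs must be created in us-east-1");
    const prios = rules.map(r => r.priority);
    if (new Set(prios).size !== prios.length) problems.push("rule priorities must be unique");
    if (!rules.some(r => "none" in r.overrideAction)) problems.push("every rule group is in count mode; nothing is blocked");
    return problems;
}

// Constructed rollout: the common rule set enforces, the SQLi rule set is observed first.
const stagedRules = buildManagedRules([
    { name: "AWSManagedRulesCommonRuleSet", vendorName: "AWS", mode: "block" },
    { name: "AWSManagedRulesSQLiRuleSet", vendorName: "AWS", mode: "count" },
]);
console.log(validateWebAcl("CLOUDFRONT", "us-east-1", stagedRules)); // []
```

Once the count-mode group's CloudWatch metrics and sampled requests show no false positives, flip its `mode` to `"block"` and redeploy.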

Concluding Summary

In this example, we set up an AWS WAF Web ACL with managed rules to protect against common web threats. We created a simple CloudFront distribution and associated the Web ACL with it. Detailed configuration for metrics and sampling was included to monitor the requests handled by WAF. This setup increases the security posture of your web applications, helping to mitigate potential vulnerabilities.

Key Points

  • Created an AWS WAF Web ACL to manage rules for web requests.
  • Defined a managed rule group for common web threats.
  • Associated the WAF Web ACL with a CloudFront distribution.
  • Configured CloudWatch metrics and sampled requests for better visibility.

Using AWS WAF effectively can significantly improve your web application’s security and provide more control over incoming web traffic.
