03 - AWS WAF & AWS Shield

Question 1

What is AWS WAF (Web Access Firewall)?

Answer 1

• Layer 7 Firewall which is Application Aware designed to stop hackers
• AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an Application Load Balancer, or API Gateway
• AWS WAF also lets you control access to your content

Question 2

WAF integrates with the following services

Answer 2

• Application Load Balancers (only works with a Layer 7 load balancer (no other types))
• CloudFront
• API Gateway

Question 3

WAF does NOT integrate with

Answer 3

• Classic Load Balancers
• Network Load Balancers

Question 4

DDoS (Distributed Denial of Service Attack)

AWS Shield

Answer 4

AWS Shield (on exam)

• Free service that protects all AWS customers on Elastic Load Balancing (ELB) , Amazon CloudFront, and Route53
• Protects against
  
  • SYN / UDP Floods
  • Reflection Attacks
  • Other Layer 3 / 4 attacks

Question 5

AWS Shield Advanced

Answer 5

• Provides enhanced protections for your applications running on Elastic Load Balancing (ELB), Amazon CloudFront, Route53 against larger more sophisticated attacks (costs $3,000 per month)
• Features:
  
  • Always-on, flow-based monitoring of network traffic and active application monitoring to provide near real time notifications of DDoS attacks
  • DDoS Response Team (DRT) - 24x7 to manage and mitigate application layer DDoS attacks
  • Protects your AWS bill against higher fees due to Elastic Load Balancer (ELB), Amazon CloudFront, and Route53 usage spikes during DDoS attacks
  • Costs $3,000 per month

Question 6

Technologies used to mitigate a DDoS Attack

Answer 6

• AWS Shield Protects
  
  • CloudFront
  • Route53
  • Elastic Load Balancers (ELB)
• Web Application Firewalls (WAF)
• Autoscaling (use for both WAF’s and Web Servers)
• CloudWatch