AWS Web Application Firewall (WAF) is a security system that controls incoming and outgoing traffic for applications and websites based in the Amazon Web Services public cloud. AWS WAF protects applications and sites from common Web attacks that could otherwise negatively affect application performance and availability.
AWS WAF gives a developer the ability to customize security rules to allow, block or monitor Web requests. Amazon CloudFront -- AWS' content delivery network -- receives a request from an end user and forwards that request to AWS WAF for inspection. AWS WAF then responds to either block or allow the request. A developer can also use AWS WAF's integration with CloudFront to apply protection to sites that are hosted outside of AWS.
Developers create rules in AWS WAF that can include placing limitations on certain IP addresses, HTTP headers and URI strings. AWS WAF rules can prevent common Web attacks, such as SQL injection and cross-site scripting, which look to exploit vulnerabilities in a site or application. Rules take roughly one minute to activate, and a developer can track the effectiveness of those rules by viewing real-time metrics in Amazon CloudWatch or through sampled Web requests stored in the AWS WAF API or AWS Management Console. These metrics include IP addresses, geo locations and URIs for each request.
A developer can also test firewall rules by configuring a "count" action that counts the number of previous Web requests that would have been blocked or allowed if that rule was in place. A single defined set of rules can protect multiple sites and applications. Amazon CloudWatch also allows a developer to set up alarms for particular attacks or when thresholds are exceeded.
AWS WAF charges customers based on the number of Access Control Lists (ACLS) created, the number of rules per ACL and the number of Web requests received.