WS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AWS AppSync GraphQL API. AWS WAF also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, Amazon CloudFront, Amazon API Gateway, Application Load Balancer, or AWS AppSync responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You also can configure CloudFront to return a custom error page when a request is blocked.

In this lab we going to learn how to create a WAF and used with a ELB, an Application load balancer, in the last post we create an application load balancer, lets use that post to add a WAF on top on it.

Requirements

Hands-On

  1. Go to WAF & Shield

2. Click on Create web ACL

3. Give it a name, give it a CloudWatch name, and select the Region the load balancer is register on

4. Click on Add AWS resources

5. Select Application Load Balancer and select the load balancer and click on Add

6. You can click on Add rules, and Add managed rule groups to add rules recommended by Amazon, or add your own rules depending on the needs of your application.

7. On AWS managed rule groups, add Admin protection and Amazon IP reputation list, click on Add rules on the end

8. Click on Next

9. In the next window you can move the rules to set the priority, click on Next

10. In the next window you can set the CloudWatch metrics for each rule, as this is for testing, I'm going to uncheck the metrics and disable the sampled requests, click on Next

11. Review and click on Create web ACL

12. Wat until the Web ACL is ready

13. Great now you can use the Load Balancer DNS and use to test the Web ACL, when you make a request to the DNS name, the Web ACL will analize the traffic and depending on the set of rules you define it will allow or block your request.

In the next post we going deeper in the AWS Services.

Clean-Up

  1. In AWS WAF, Web ACL's click the Web ACL name

2. On the Associated AWS resources tab, select the Load balancer and click on Disassociate

3. Confirm

4. Go back to the Web ACL's, select the Web ACL and click on Delete

5. Confirm

6. On EC2, Load Balancers, select the load balancer and click Actions, Delete

7. Confirm

8. Go to Target groups, select the target group and click on Actions, Delete and confirm

9. Go to Security groups and select the security groups we create with this lab and delete them, selecting them and on Actions clicking on Delete security group

10. Select the instances on EC2, and click on Instance state and click on Terminate instance and confirm