AWS WAF and AWS Shield: Web App Protection in Cloud

Nitin Taneja
Dec 13, 2020

Cloud computing is the on-demand delivery of computing resources over the internet, where you pay only for what you use. Those resources can be storage, networking, servers, databases, and software. Organizations don’t need to buy or manage physical hardware; with cloud computing you can launch as many resources as you want without paying an upfront cost.

If companies use the cloud, cloud security becomes a major concern for them, because they store a lot of data there. Cloud security is also a major concern for the cloud providers themselves: they not only deliver services to customers, they also have to protect the sensitive data, such as credit card numbers and bank details, that users have stored in the cloud.

Some common threats to cloud security are SQL injection, Cross-Site Scripting (XSS), security misconfiguration, and a poor choice of cloud provider. Another important threat is the Distributed Denial of Service (DDoS) attack, which floods a website with so much traffic that normal traffic cannot get through and the site becomes unavailable to its users.

In AWS, there are services you can use to protect a website from these common attacks:

1. AWS Web application Firewall (WAF)

2. AWS Shield

AWS Web Application Firewall (WAF)

AWS WAF is a web application firewall that protects your web apps against common web exploits such as SQL injection or Cross-Site Scripting (XSS), which could compromise your security or consume excessive resources. AWS WAF gives you full control to allow, block, or monitor (count) any request coming to your web apps. With its rules you can filter traffic based on IP addresses, HTTP headers, the HTTP body, or custom URI strings. AWS WAF is integrated with Amazon CloudFront and the Application Load Balancer (ALB). When you use CloudFront and AWS WAF together, the rules you define in AWS WAF run at all edge locations around the world.

AWS WAF pricing is based on the rules you define and the number of requests your web application receives. You pay only for what you use; there is no upfront payment for AWS WAF.
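To make the allow/block/count behaviour of WAF rules concrete, here is an added example (not code from the original post or from AWS). It writes a web ACL in the JSON shape that `aws wafv2 create-web-acl` accepts (Name, Priority, Action, Statement, VisibilityConfig) and then evaluates constructed requests against it with a deliberately simplified model: only IP-set references and byte matches on the URI path or a single header are implemented, `SearchString` is kept as plain text, and the ARN, IP ranges and requests are all made up.

```python
"""Simplified model of how an AWS WAFv2 web ACL evaluates requests.

Added example, not AWS code. Rule dicts follow the WAFv2 JSON shape, but the
evaluator implements only IPSetReferenceStatement and ByteMatchStatement
(UriPath / SingleHeader) so that allow / block / count semantics can be
exercised offline. ARNs, IP ranges and requests are constructed.
"""
import ipaddress

# Constructed IP set; in AWS this is a separate IPSet resource referenced by ARN.
BLOCKLIST_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/blocklist/EXAMPLE"
IP_SETS = {BLOCKLIST_ARN: ["203.0.113.0/24", "198.51.100.17/32"]}


def _visibility(name):
    # Every rule needs a VisibilityConfig; its metric appears in CloudWatch under AWS/WAFV2.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


WEB_ACL = {
    "Name": "shop-web-acl",
    "DefaultAction": {"Allow": {}},  # applies when no terminating rule matched
    "Rules": [
        {   # terminating: requests from known-bad ranges are dropped first
            "Name": "block-known-bad-ips", "Priority": 0, "Action": {"Block": {}},
            "Statement": {"IPSetReferenceStatement": {"ARN": BLOCKLIST_ARN}},
            "VisibilityConfig": _visibility("block-known-bad-ips"),
        },
        {   # non-terminating: record the match, then keep evaluating
            "Name": "count-scripted-clients", "Priority": 1, "Action": {"Count": {}},
            "Statement": {"ByteMatchStatement": {
                "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
                "PositionalConstraint": "CONTAINS", "SearchString": "curl",
                "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}},
            "VisibilityConfig": _visibility("count-scripted-clients"),
        },
        {   # terminating: the admin path is not reachable from the internet
            "Name": "block-admin-path", "Priority": 2, "Action": {"Block": {}},
            "Statement": {"ByteMatchStatement": {
                "FieldToMatch": {"UriPath": {}},
                "PositionalConstraint": "STARTS_WITH", "SearchString": "/admin",
                "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}},
            "VisibilityConfig": _visibility("block-admin-path"),
        },
    ],
}


def _field_value(request, field_to_match):
    if "UriPath" in field_to_match:
        return request["uri"]
    if "SingleHeader" in field_to_match:  # header lookup is case-insensitive
        name = field_to_match["SingleHeader"]["Name"].lower()
        return request.get("headers", {}).get(name, "")
    raise ValueError(f"field not supported by this model: {field_to_match}")


def _transform(value, transformations):
    # Text transformations run in Priority order before the comparison.
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "LOWERCASE":
            value = value.lower()
        elif t["Type"] != "NONE":
            raise ValueError(f"transformation not supported by this model: {t['Type']}")
    return value


def _matches(statement, request):
    if "IPSetReferenceStatement" in statement:
        client = ipaddress.ip_address(request["client_ip"])
        cidrs = IP_SETS[statement["IPSetReferenceStatement"]["ARN"]]
        return any(client in ipaddress.ip_network(c) for c in cidrs)
    if "ByteMatchStatement" in statement:
        s = statement["ByteMatchStatement"]
        value = _transform(_field_value(request, s["FieldToMatch"]), s["TextTransformations"])
        needle = s["SearchString"]
        return {"EXACTLY": value == needle, "STARTS_WITH": value.startswith(needle),
                "ENDS_WITH": value.endswith(needle), "CONTAINS": needle in value,
                }[s["PositionalConstraint"]]
    raise ValueError(f"statement not supported by this model: {list(statement)}")


def evaluate(web_acl, request):
    """Return (action, terminating rule name, rules that counted the request).

    Rules run in ascending Priority: the first Allow/Block match terminates,
    Count matches are recorded and evaluation continues, and DefaultAction
    applies when nothing terminated (WAF logs that as Default_Action).
    """
    counted = []
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if not _matches(rule["Statement"], request):
            continue
        action = next(iter(rule["Action"]))  # "Allow", "Block" or "Count"
        if action == "Count":
            counted.append(rule["Name"])
            continue
        return action.upper(), rule["Name"], counted
    return next(iter(web_acl["DefaultAction"])).upper(), "Default_Action", counted


if __name__ == "__main__":
    # Constructed requests with lower-cased header names.
    print(evaluate(WEB_ACL, {"client_ip": "203.0.113.5", "uri": "/", "headers": {}}))
    print(evaluate(WEB_ACL, {"client_ip": "192.0.2.10", "uri": "/Admin/login",
                             "headers": {"user-agent": "curl/7.88.1"}}))
    print(evaluate(WEB_ACL, {"client_ip": "192.0.2.10", "uri": "/products",
                             "headers": {"user-agent": "Mozilla/5.0"}}))
```

The second request shows why Count is useful as a monitoring action: the `count-scripted-clients` rule matches and is recorded, but evaluation continues and the request is eventually blocked by the later `block-admin-path` rule. Running a new rule in Count mode first, and reading its metric in CloudWatch, is how you check that it will not block legitimate traffic before switching it to Block.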

AWS Shield

AWS Shield is an AWS service that protects your web application from Distributed Denial of Service (DDoS) attacks; it is AWS’s managed DDoS protection service. AWS Shield has two tiers, Standard and Advanced, and works with many AWS services such as CloudFront, Elastic Load Balancing, Route 53, etc.

AWS Shield Standard protects your web application and website against common network-layer and transport-layer (Layer 3 and Layer 4) attacks. All AWS customers get it without paying any cost. This protection applies to AWS resources such as Amazon CloudFront, Route 53, and Elastic Load Balancing.

AWS Shield Advanced is a paid service that provides a higher level of protection against attacks. First, you need to subscribe to AWS Shield Advanced. AWS Shield Advanced does not protect resources automatically; it protects only the resources you have registered with it. The resources that can be protected are applications running on Amazon Elastic Compute Cloud (EC2) Elastic IP addresses, Amazon CloudFront, Amazon Route 53, Elastic Load Balancing, and AWS Global Accelerator.

Monitoring and Logging in AWS

When you run a web application, you need to maintain the performance and availability of your resources and of the application itself. Monitoring and logging help with this by collecting information about the requests made to your web application, which you can then analyse further with Amazon Athena. AWS provides services such as Amazon CloudWatch alarms and CloudTrail logs through which you can monitor your AWS resources.

A CloudWatch alarm collects and tracks a single metric over a time period and, if the threshold is exceeded, sends a notification to your SNS topic.

CloudTrail is an AWS service that records the activity happening in your AWS account. You can view the last 90 days of actions in the CloudTrail dashboard.

Which is the Best Protection Plan?

In most cases users prefer the AWS Shield Standard plan for DDoS (Distributed Denial of Service) protection. AWS Shield Standard protects against Layer 3 and Layer 4 attacks at no extra cost. If you are technically proficient and want full control over monitoring and over protection against Layer 7 attacks, then AWS Shield Standard would be the best choice. But if you want AWS to handle DDoS protection and all the responsibilities for Layer 3, Layer 4 and Layer 7 attacks, then AWS Shield Advanced would be the better option. AWS Shield Advanced protects against Layer 3, Layer 4 and Layer 7 attacks and also includes AWS WAF at no extra cost; with AWS Shield Standard you need to build the Layer 7 protection yourself, and AWS WAF is not included for free. AWS Shield Advanced additionally provides detailed visibility into the DDoS attacks that have occurred against your AWS resources and 24/7 support from the DDoS Response Team (DRT). Although both AWS Shield Standard and Advanced provide DDoS protection for web applications, it is also recommended that you use Amazon CloudWatch and AWS CloudTrail to monitor all your AWS services.
