AWS WAF workshop
⚠️This workshop uses AWS WAF Classic
This workshop introduces AWS WAF and the AWS WAF Security Automations solution.
The AWS WAF enables customers to create rules to block common attack patterns, administered via APIs. The Security Automation Solution extends WAF by deploying a set of preconfigured rules to protect applications. These rules can be customised for your application.
- Understand the built in functionality provided by AWS WAF
- Understand how the Security Automation Solution extends AWS WAF
- Understand how to configure the Security Automation Solution
To complete this workshop you will require the following:
- An AWS Account.
- If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions
- Your access to the AWS account must have IAM permissions to launch AWS CloudFormation templates that create IAM roles.
In step 0 you will deploy the AWS resources required for later steps of the workshop.
In step 1 you will set up the AWS WAF with an example web application and explore how the AWS WAF Security Automation Solution blocks three common types of attack.
- SQL Injection & Cross Site Scripting
- HTTP Flood
- Scanners and Probes
In step 2 you will customise the rules and settings of the the AWS WAF Security Automation Solution.
Step 3 contains two optional extensions to the workshop.
This library is licensed under the MIT-0 License. See the LICENSE file.