How to optimize costs with AWS WAF (CDN201)

Protecting Your Applications and APIs with AWS WAF: Cost-Efficient Practices

Introduction

  • The session covers best practices to protect applications and APIs against various threats in a cost-efficient manner using AWS WAF.
  • The presenters are Igor Kush, a Senior Solutions Architect at AWS, and Devan Agal.

Key Takeaways

  1. Overview of AWS WAF

    • AWS WAF is a cloud-native firewall that provides a flexible rule engine to configure custom and managed rules.
    • It offers advanced protections, observability, and access logging capabilities.
    • The main building blocks of AWS WAF are Web ACLs, Rule Groups, and Rules.
  2. Building Protections Against Common Threats

    • Start with free AWS-managed rules and high-confidence rules based on your threat intelligence.
    • Use a combination of baseline rule groups, use-case specific rule groups, and at least one rate-based rule.
    • Understand the concept of AWS WAF capacity units (WCU) and stay under the 1,500 WCU threshold to avoid additional charges.
  3. Advanced Protections and Cost Optimization

    • Leverage AWS WAF's intelligent threat mitigation capabilities to address sophisticated threats, such as bots and account fraud.
    • Understand the pricing model for advanced protections, including monthly fees and per-request fees.
    • Prioritize the rule order so that high-confidence and free rules are processed before the premium rules.
    • Scope down the premium rule groups to specific paths or use cases to optimize costs.
  4. Other Cost-Saving Measures

    • Use log filtering and field reduction to reduce the volume of logs.
    • Consider using AWS Security Hub or AWS Firewall Manager for multi-account setups.
    • Implement the AWS WAF SDK to optimize the number of requests for intelligent threat detection rules.
  5. Demonstration

    • The presenters walk through a practical example of configuring AWS WAF rules with appropriate prioritization and scoping to achieve cost-efficient protection.
  6. Additional Resources

    • Refer to the provided references for more information on AWS WAF pricing and cost-effective security practices.
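
The rule-ordering and scope-down advice under "Advanced Protections and Cost Optimization" can be checked mechanically against a Web ACL's rule list. The following is an added example, not code from the session or from AWS: it lints WAFv2-style rule JSON so that the paid managed rule groups (Bot Control, ATP, ACFP) are evaluated last and each carries a scope-down statement. The rule names, the /login path and the rate limit are constructed sample values.

```python
# Added example: lint a WAFv2 rule list for cost-aware ordering and scoping.
# AWS managed rule groups that carry extra subscription and per-request fees.
PREMIUM_GROUPS = {
    "AWSManagedRulesBotControlRuleSet",
    "AWSManagedRulesATPRuleSet",
    "AWSManagedRulesACFPRuleSet",
}

def managed_group(rule):
    """Return the ManagedRuleGroupStatement of a rule, or None."""
    return rule.get("Statement", {}).get("ManagedRuleGroupStatement")

def is_premium(rule):
    group = managed_group(rule)
    return bool(group) and group.get("VendorName") == "AWS" and group.get("Name") in PREMIUM_GROUPS

def lint_rules(rules):
    """Return findings; an empty list means ordering and scoping look cost-aware."""
    findings = []
    first_premium = None
    # AWS WAF evaluates rules from the lowest Priority value upwards.
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if is_premium(rule):
            first_premium = first_premium or rule
            if "ScopeDownStatement" not in managed_group(rule):
                findings.append(f"{rule['Name']}: premium group has no ScopeDownStatement")
        elif first_premium is not None:
            findings.append(f"{rule['Name']}: evaluated after premium {first_premium['Name']}")
    return findings

# Constructed sample rules, trimmed to the fields the check reads.
def _group(name, priority, group_name, scope=None):
    stmt = {"VendorName": "AWS", "Name": group_name}
    if scope:
        stmt["ScopeDownStatement"] = scope
    return {"Name": name, "Priority": priority, "Statement": {"ManagedRuleGroupStatement": stmt}}

LOGIN_SCOPE = {"ByteMatchStatement": {
    "SearchString": "/login", "FieldToMatch": {"UriPath": {}},
    "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
    "PositionalConstraint": "STARTS_WITH"}}
RATE_RULE = {"Name": "rate-limit", "Priority": 1,
             "Statement": {"RateBasedStatement": {"Limit": 1000, "AggregateKeyType": "IP"}}}
BAD = [_group("bot-control", 0, "AWSManagedRulesBotControlRuleSet"), RATE_RULE,
       _group("ip-reputation", 2, "AWSManagedRulesAmazonIpReputationList")]
GOOD = [_group("ip-reputation", 0, "AWSManagedRulesAmazonIpReputationList"), RATE_RULE,
        _group("bot-control", 2, "AWSManagedRulesBotControlRuleSet", LOGIN_SCOPE)]

if __name__ == "__main__":
    for label, rules in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint_rules(rules) or "ok")
```

In the BAD list every request reaches Bot Control first and is billed for it; in the GOOD list only requests under /login that survive the IP reputation and rate-based rules are inspected by the premium group.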
