is a web application firewall that helps monitor the HTTP/HTTPS traffic and allows controlling access to the content.
helps protect web applications from attacks by allowing rules configuration that allow, block, or monitor (count) web requests based on defined conditions. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.
helps define Web ACLs, which is a combination of Rules that is a combinations of Conditions and Action to block or allow
integrated with CloudFront, Application Load Balancer (ALB), API Gateway services commonly used to deliver content and applications
supports custom origins outside of AWS, when integrated with CloudFront
Third Party WAF
act as filters that apply a set of rules to web traffic to cover exploits like XSS and SQL injection and also help build resiliency against DDoS by mitigating HTTP GET or POST floods
WAF provides a lot of features like OWASP Top 10, HTTP rate limiting, Whitelist or blacklist, inspect and identify requests with abnormal patterns, CAPTCHA etc
a WAF sandwich pattern can be implemented where an autoscaled WAF sits between the Internet and Internal Load Balancer
is a managed service that provides protection against Distributed Denial of Service (DDoS) attacks for applications running on AWS
provides protection for all AWS customers against common and most frequently occurring infrastructure (layer 3 and 4) attacks like SYN/UDP floods, reflection attacks, and others to support high availability of applications on AWS.
offers threat detection that enables continuous monitoring and protects the AWS accounts and workloads.
is a Regional service
analyzes continuous streams of meta-data generated from AWS accounts and network activity found in AWS CloudTrail Events, EKS audit logs, VPC Flow Logs, and DNS Logs.
integrated threat intelligence
combines machine learning, anomaly detection, network monitoring, and malicious file discovery, utilizing both AWS-developed and industry-leading third-party sources to help protect workloads and data on AWS
supports suppression rules, trusted IP lists, and thread lists.
provides Malware Protection to detect malicious files on EBS volumes
operates completely independently from the resources so there is no risk of performance or availability impacts on the workloads.
is a vulnerability management service that continuously scans the AWS workloads for vulnerabilities
automatically discovers and scans EC2 instances and container images residing in Elastic Container Registry (ECR) for software vulnerabilities and unintended network exposure.
creates a finding, when a software vulnerability or network issue is discovered, that describes the vulnerability, rates its severity, identifies the affected resource, and provides remediation guidance.
is a Regional service.
requires Systems Manager (SSM) agent to be installed and enabled.
helps analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.
automatically collects log data from the AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data to easily conduct faster and more efficient security investigations.
enables customers to view summaries and analytical data associated with CloudTrail logs, EKS audit logs, VPC Flow Logs.
provides detailed summaries, analysis, and visualizations of the behaviors and interactions amongst your AWS accounts, EC2 instances, AWS users, roles, and IP addresses.
maintains up to a year of aggregated data
is a Regional service and needs to be enabled on a region-by-region basis.
is a multi-account service that aggregates data from monitored member accounts under a single administrative account within the same region.
has no impact on the performance or availability of the AWS infrastructure since it retrieves the log data and findings directly from the AWS services.