Table of Contents
With the advent of cloud computing and resources, applications hosting on cloud have also given emergence to new techniques of attacks and increase in cyber attacks hence security has become top most priority for organizations. Cloud providers provide a wide range of security features to strengthen the cloud infrastructure and provide overall security to the hosted environment.
Today we look more in detail about AWS shield and AWS WAF or Web application firewall, their features, how they differ from each other and deployment scenarios.
What is AWS Shield?
AWS shield is a managed security service which provides protection of web applications in AWS environment against Distributed Denial-of-services attack or (DDoS).
In DDoS attack scenarios, an attacker sends a large amount of fake traffic to a hosted application resulting in crashing of underlying systems due to enormous load on systems impacting application availability to end users.
AWS Shield has two operational tiers
AWS Shield Standard
- Provides round the clock detection of most common attacks
- Works on network and transport layer of OSI
- Automatic mitigation of DDoS attacks
- It is turned on by default and applicable for all AWS services
- It comes bundled so no additional cost is involved
AWS Shield Advanced
- It provides additional protection against more advanced and sophisticated attacks
- Works with EC2, ELB, CloudFront, Route53 etc
- Subscription is required to Shield advanced hence it is paid service
- Provides 24*7 access to Shield response team
Related: AWS Shield Comprehensive Guide
What is AWS WAF?
AWS WAF is a web application firewall which monitors the HTTP(S) requests that are forwarded to protected web application resources. WAF is able to protect Amazon CloudFront distribution, Amazon API gateway REST API, Application load balancer, AWS AppSync GraphQL API, Amazon Cognito user pool and AWS App Runner service. It lets us control content access.
In Web access control list (ACL) we can create rules to define traffic patterns to look for requests and specify the actions on matched requests. The choice of actions include – allow requests to go to protected resources, block the request, count the request, Run CAPTCHA or challenge checks to verify human users and standard browser use.
Features of AWS WAF
- Additional protection against web attacks using criteria specified.
- Rules to allow, block, count web requests meeting criteria
- Rules can be reused for multiple web applications
- Real time metrics reporting
- Automatic administration using AWS WAF API
Comparison: AWS Shield vs AWS WAF
Below table summarizes the differences between the two:
Download the comparison table: AWS Shield vs AWS WAF