For this session, we showcase some real-world use cases where you can use Amazon CloudFront logs, AWS WAF, and AWS Lambda to identify bad actors and block them. We also show tutorials and code samples that can help you analyze traffic patterns, and deploy new WAF rules.
8. Customer case study
Customer: Magazine Luiza
• Large eCommerce platform in Brazil > than 700 stores
Requirements:
• Wanted protection days before Black Friday
• Needed APIs for automation
• Needed fast rule updates
• Needed high-scale blocking
13. Demo 2: Lambda based automated protection
• Problem: HTTP Requesters Overwhelm Web Servers or Database
Servers
• Solution: Count Number of requests in CloudFront access logs and
block offenders
Attackers
HTTP Floods (Rate Based Blacklisting)
14. Demo 2: Lambda based automated protection
HTTP Floods (Rate Based Blacklisting)
Good users
(allowed on src
ip)
Bad users
(blocked on src ip)
Amazon
CloudFront
Elastic Load
Balancing
Amazon
EC2
Amazon
RDS
AWS WAF CloudFront
Logs in S3
AWS
Lambda
Amazon
CloudWatch
1
3
2 4
AWS
CloudFormation
Stack
16. More Lambda based automated protection
HTTP floods Scans & probesIP reputation lists Bots & scrapers
Attackers
• Ready to use as-is
• And Customizable
17. Session Takeaways
CloudFront In Front of your
Websites and APIs
TLS/SSL Acceleration
Improve Application
performance without caching
Inherent DDoS Protection
AWS WAF for Automated
Protection
Easy Setup. Get started within
minutes
https://aws.amazon.com/waf/pr
econfiguredrules/
Customizable Automated
Protection.
https://github.com/awslabs/aws
-waf-sample
Ecommerce customers often fights against bots that scrape pricing details
Customers use AWS WAFs to find and block content abuse cases.
Finally, Sometimes bad actors want to bring down a web site, using regular web requests.
Attacker often target slow parts of a web site.
Customers use WAFs to block these requests before they reach web server infrastructure.
AWS WAF integrates with Amazon CloudFront and sits between users and the web server.
By integrating with CloudFront, we keep request latency very low.
In fact, rule execution typically takes less than 1 ms.
The goal is to block all of the bad stuff and let all of the good stuff in
Web application firewall (WAF) that gives you control over who (or what) can access your web applications.
Integrated with Amazon CloudFront
Protection against exploits, abuse, and application DDoS
AWS WAF integrates with CloudFront and sits between users and the web server.
By integrating with CloudFront, we keep request latency very low.
In fact, rule execution typically takes less than 1 ms.
The goal is to block all of the bad stuff and let all of the good stuff in
AWS WAF gives customers the web security features they need, but with a unique approach to security:
Ready-to-use (preconfigured rule sets)
Pre configured Cloud Formation Templates for most common attacks example: SQLi, XSS, IP Blacklists
Customizable rules
Investment in Rules engine
Security Automation: Open source GitHub repository with easily deployable code (using AWS Lambda)
This demo shows you how to use readily available CFT to quickly configure AWS WAF to protect against the following common attacks
This demo shows you how to use readily available CFT to quickly configure AWS WAF to protect against the following common attacks
Customizable = Example: If you want your own Reputation lists, you can easily integrate it with this.
This demo shows you how to use readily available CFT to quickly configure AWS WAF to protect against the following common attacks