Web Application Firewall (WAF)


Hi. I've designed an architecture diagram for an application that has 7 EC2 instances. Each of those EC2s has an application load balancer (ALB) sending traffic. At the level of each ALB, I have a WAF. So the question is: should the WAF be put at the level of the EC2 or at the level of the ALB? And does it make any difference whether it's a web server or API server? Thank you.

preguntada hace 2 años534 visualizaciones
1 Respuesta
Respuesta aceptada

Q. Should the WAF be put at the level of the EC2 or at the level of the ALB?

A. See below from FAQ, as you already have, WAF is deployed at the ALB layer not EC2.

What services does AWS WAF support?

AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync. As part of Amazon CloudFront it can be part of your Content Distribution Network (CDN) protecting your resources and content at the Edge locations. As part of the Application Load Balancer it can protect your origin web servers running behind the ALBs. As part of Amazon API Gateway, it can help secure and protect your REST APIs. As part of AWS AppSync, it can help secure and protect your GraphQL APIs.

profile pictureAWS
respondido hace 2 años
profile picture
revisado hace un mes

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas