Web Application Firewall (WAF)

0

Hi. I've designed an architecture diagram for an application that has 7 EC2 instances. Each of those EC2s has an application load balancer (ALB) sending traffic. At the level of each ALB, I have a WAF. So the question is: should the WAF be put at the level of the EC2 or at the level of the ALB? And does it make any difference whether it's a web server or API server? Thank you.

asked 2 years ago505 views
1 Answer
2
Accepted Answer

Q. Should the WAF be put at the level of the EC2 or at the level of the ALB?

A. See below from FAQ, as you already have, WAF is deployed at the ALB layer not EC2.

What services does AWS WAF support?

AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync. As part of Amazon CloudFront it can be part of your Content Distribution Network (CDN) protecting your resources and content at the Edge locations. As part of the Application Load Balancer it can protect your origin web servers running behind the ALBs. As part of Amazon API Gateway, it can help secure and protect your REST APIs. As part of AWS AppSync, it can help secure and protect your GraphQL APIs.

profile pictureAWS
EXPERT
answered 2 years ago
profile picture
EXPERT
reviewed 3 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions