Conceptly

AWS WAF

Security · Web Application Firewall

AWS WAF is the defensive layer that inspects incoming HTTP(S) requests to public web endpoints and filters known-bad patterns before anything else runs. It blocks common web attacks (injection payloads, abusive clients, unwanted geographies) before they reach application code, which reduces what the application has to handle but does not replace secure coding in the application itself.

Architecture Diagram


Why do you need it?

Public web services see bots, vulnerability scans, SQL injection attempts, and abusive traffic before any request reaches the application. If that traffic cannot be filtered at the edge, the backend has to absorb legitimate and malicious requests together, paying for compute, database load, and log volume on traffic it should never have seen.

Why did this approach emerge?

Early web applications kept most of their defensive logic inside application code, but by the time that code ran, the infrastructure and origin had already spent resources accepting, routing, and parsing the request. Filtering at the edge and at ingress, before the origin is touched, is why a WAF layer became important.

How does it work inside?

AWS WAF is configured as a web ACL: an ordered set of rules and rule groups (your own rules, AWS Managed Rules, or Marketplace rule groups) that is associated with a CloudFront distribution, an Application Load Balancer, an API Gateway stage, or other supported resources. Rules are evaluated in priority order; each rule can allow, block, count, or challenge (CAPTCHA/Challenge) a matching request, and the web ACL's default action applies when no terminating rule matches. Metrics are published to CloudWatch, and full request logs can be delivered to CloudWatch Logs, S3, or Kinesis Data Firehose for operational visibility.
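The following Python is an added example, not code from the original page or from AWS. It shows the two halves of the mechanism just described: the web ACL definition a practitioner would hand to boto3's `wafv2` `create_web_acl()` (a managed rule group, a geographic block, and a per-IP rate limit in priority order), and a reader for the JSON log records WAF delivers, which is how you confirm what a rule is doing before switching it from count to block. The web ACL name, the blocked country list, the rate limit, and the sample log records are assumptions constructed for this example; the log records are trimmed to the fields the reader uses.

```python
"""Staged AWS WAF rollout: build a web ACL definition, then read its logs.

Added example, not the page's own code.  WEB_ACL_NAME, BLOCKED_COUNTRIES,
RATE_LIMIT_PER_5_MIN and SAMPLE_LOG_LINES are assumptions for this example.
"""
import json
from collections import Counter

WEB_ACL_NAME = "public-api-acl"      # assumed name
BLOCKED_COUNTRIES = ["RU", "KP"]     # assumption: markets this service never serves
RATE_LIMIT_PER_5_MIN = 2000          # requests per source IP per 5-minute window


def _visibility(metric_name):
    # Every rule, and the web ACL itself, needs a VisibilityConfig for CloudWatch.
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def build_web_acl(managed_rules_in_count_mode=True):
    """Return kwargs for boto3 wafv2 client.create_web_acl().

    Rules run in ascending Priority; the first terminating match decides.
    The managed rule group starts with OverrideAction=Count so its matches
    show up in logs and metrics without blocking until they have been reviewed.
    """
    override = {"Count": {}} if managed_rules_in_count_mode else {"None": {}}
    rules = [
        {"Name": "aws-common-rules", "Priority": 0,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
         "OverrideAction": override,            # rule groups use OverrideAction
         "VisibilityConfig": _visibility("awsCommonRules")},
        {"Name": "geo-block", "Priority": 1,
         "Statement": {"GeoMatchStatement": {"CountryCodes": BLOCKED_COUNTRIES}},
         "Action": {"Block": {}},                # plain rules use Action
         "VisibilityConfig": _visibility("geoBlock")},
        {"Name": "per-ip-rate-limit", "Priority": 2,
         "Statement": {"RateBasedStatement": {
             "Limit": RATE_LIMIT_PER_5_MIN, "AggregateKeyType": "IP"}},
         "Action": {"Block": {}},
         "VisibilityConfig": _visibility("perIpRateLimit")},
    ]
    return {"Name": WEB_ACL_NAME,
            "Scope": "REGIONAL",             # ALB/API Gateway; CloudFront uses "CLOUDFRONT" in us-east-1
            "DefaultAction": {"Allow": {}},  # anything no rule blocks is allowed
            "Rules": rules,
            "VisibilityConfig": _visibility("publicApiAcl")}


def validate_web_acl(acl):
    """Catch two mistakes the API rejects: duplicate priorities, and a rule
    carrying both or neither of Action / OverrideAction."""
    prios = [r["Priority"] for r in acl["Rules"]]
    if len(prios) != len(set(prios)):
        return False
    return all(("Action" in r) != ("OverrideAction" in r) for r in acl["Rules"])


# Constructed records in the shape of AWS WAF logs, trimmed to the fields used.
SAMPLE_LOG_LINES = [json.dumps(r) for r in [
    {"action": "ALLOW", "terminatingRuleId": "Default_Action",
     "nonTerminatingMatchingRules": [{"ruleId": "SQLi_QUERYARGUMENTS", "action": "COUNT"}],
     "httpRequest": {"clientIp": "203.0.113.10", "country": "US",
                     "uri": "/search", "args": "q=1'%20OR%201=1--"}},
    {"action": "BLOCK", "terminatingRuleId": "geo-block", "nonTerminatingMatchingRules": [],
     "httpRequest": {"clientIp": "198.51.100.7", "country": "RU", "uri": "/login", "args": ""}},
    {"action": "BLOCK", "terminatingRuleId": "per-ip-rate-limit", "nonTerminatingMatchingRules": [],
     "httpRequest": {"clientIp": "203.0.113.55", "country": "DE", "uri": "/api/items", "args": "page=1"}},
    {"action": "BLOCK", "terminatingRuleId": "per-ip-rate-limit", "nonTerminatingMatchingRules": [],
     "httpRequest": {"clientIp": "203.0.113.55", "country": "DE", "uri": "/api/items", "args": "page=2"}},
    {"action": "ALLOW", "terminatingRuleId": "Default_Action", "nonTerminatingMatchingRules": [],
     "httpRequest": {"clientIp": "203.0.113.10", "country": "US", "uri": "/", "args": ""}},
]]


def summarize_waf_logs(log_lines):
    """Tally blocks per terminating rule and per client IP, plus count-mode
    matches that would have blocked had the managed rules been enforced."""
    blocked_by_rule, blocked_by_ip, counted_by_rule = Counter(), Counter(), Counter()
    for line in log_lines:
        rec = json.loads(line)
        if rec["action"] == "BLOCK":
            blocked_by_rule[rec["terminatingRuleId"]] += 1
            blocked_by_ip[rec["httpRequest"]["clientIp"]] += 1
        for m in rec.get("nonTerminatingMatchingRules", []):
            if m["action"] == "COUNT":
                counted_by_rule[m["ruleId"]] += 1
    return {"blocked_by_rule": dict(blocked_by_rule),
            "blocked_by_ip": dict(blocked_by_ip),
            "counted_by_rule": dict(counted_by_rule)}


if __name__ == "__main__":
    acl = build_web_acl()
    assert validate_web_acl(acl)
    print(json.dumps(acl, indent=2))
    print(summarize_waf_logs(SAMPLE_LOG_LINES))
```

The `counted_by_rule` tally is the signal for the staged rollout: once the count-mode managed rules have run for a while and the counted matches are all genuine attacks rather than legitimate traffic, call `build_web_acl(managed_rules_in_count_mode=False)` and update the web ACL to enforce them.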

What is it often confused with?

WAF and IAM are both security services, but they enforce at different points. IAM controls which authenticated principals may call which AWS APIs on which resources, while WAF filters unauthenticated HTTP requests arriving at public endpoints. If the question is who may access AWS resources, look at IAM; if the question is filtering malicious web traffic, look at WAF.

When should you use it?

It is well suited to websites, public APIs, CDN distributions, bot defense, rate limiting, and blocking common web attack patterns. User authentication and permission control between AWS resources are not WAF's role, and a WAF rule is a filter on request shape, not a substitute for parameterized queries and output encoding in the application.

SQL injection defense · XSS prevention · Bot blocking · Geographic restrictions