
AWS WAF analysis: How it works and how to attack it

Thexssrat


Introduction

AWS has gained traction in recent years as an all-in-one cloud platform. Its strength is that you only pay for what you run and that you can scale quickly when traffic spikes. Lambda functions, for example, are increasingly replacing always-on servers, but not without risk: a function can be spun up quickly to absorb a spike, yet the technology is still young and often misconfigured, which lets an attacker who can generate traffic at will run a company's bill sky-high.

We need protection from these mistakes, but we also cannot trade away responsiveness. That is a hard balance to strike, because any inspection consumes resources and adds latency. Meet AWS WAF.

What is it?

All of these GraphQL endpoints, load balancers, API Gateway REST APIs and CloudFront distributions need a layer of HTTP inspection in front of them. AWS created a WAF for this purpose, completing its one-stop-shop reputation.

Cost

A WAF here consists of web ACLs, rule groups (AWS's term for rulesets) and rules, and that is also how Amazon structures its pricing: you pay per web ACL, per rule created, and per million requests inspected. The "capacity units" you will see in the console (web ACL capacity units, WCUs) are not a billing unit: they cap how much rule complexity a single web ACL may hold, so a rule that is expensive in WCUs costs no more in dollars than a cheap one.

  • Web ACL: $5/month
  • Rule: $1/month
  • Requests: $0.60 per million requests
  • Bot Control: $10/month
  • Bot Control requests: $1 per million requests

Web ACLs

A WAF here is built from web ACLs. An ACL is an access control list, and in AWS WAF it is simply a collection of rules and rule groups; the rule groups in turn contain rules. This hierarchy keeps large configurations maintainable.

None of this matters much while hacking, but it is worth knowing because rules in different rule groups can contradict each other. AWS WAF resolves that by order: every rule and rule group carries a priority, lower numbers are evaluated first, and the first rule that allows or blocks wins, so a permissive rule placed early can shadow a stricter one placed later.

How does it work?

When a request comes in, it is inspected by every rule and rule group in the web ACL, in priority order. For each matching rule the engine takes that rule's action: Allow and Block terminate the evaluation, while Count only records the match and evaluation continues…
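The following is an added example, not code from the article or from AWS. It is a toy model of the web ACL hierarchy described above (web ACL → rule groups → rules) and of the evaluation order: entries are checked from the lowest priority number upwards, the first matching rule whose action is Allow or Block ends evaluation, and Count only records the match. The request shape, the rule names, the match conditions and the sample requests are all constructed for the demo; the "override to Count" flag models the real console option of running a rule group in count mode, but its implementation here is an assumption.

```python
"""Toy model of AWS WAF web ACL evaluation (added example, not AWS code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple, Union

Request = Dict[str, str]  # assumed shape: {"path": ..., "ip": ..., "body": ...}


@dataclass
class Rule:
    name: str
    priority: int
    action: str  # "ALLOW", "BLOCK" or "COUNT"
    matches: Callable[[Request], bool]


@dataclass
class RuleGroup:
    """A rule group referenced from the web ACL; its rules carry their own priorities."""
    name: str
    priority: int
    rules: List[Rule]
    override_to_count: bool = False  # models "override rule group action to Count"


@dataclass
class WebACL:
    name: str
    default_action: str  # applied when no terminating rule matched
    entries: List[Union[Rule, RuleGroup]] = field(default_factory=list)

    def evaluate(self, req: Request) -> Tuple[str, Optional[str], List[str]]:
        """Return (final action, terminating rule name or None, counted rule names)."""
        counted: List[str] = []
        for entry in sorted(self.entries, key=lambda e: e.priority):
            group = entry if isinstance(entry, RuleGroup) else None
            rules = group.rules if group else [entry]
            for rule in sorted(rules, key=lambda r: r.priority):
                if not rule.matches(req):
                    continue
                action = "COUNT" if (group and group.override_to_count) else rule.action
                if action == "COUNT":
                    counted.append(rule.name)  # non-terminating: keep evaluating
                    continue
                return action, rule.name, counted  # Allow/Block ends evaluation
        return self.default_action, None, counted


def build_demo_acl(override_to_count: bool = False) -> WebACL:
    """Constructed web ACL: one allow rule, one managed-style rule group, one block rule."""
    common = RuleGroup(
        name="CommonRuleSet",
        priority=10,
        override_to_count=override_to_count,
        rules=[
            Rule("SQLi_BODY", 1, "BLOCK", lambda r: "' or " in r.get("body", "").lower()),
            Rule("XSS_BODY", 2, "BLOCK", lambda r: "<script" in r.get("body", "").lower()),
            Rule("SizeRestrictions_BODY", 3, "COUNT", lambda r: len(r.get("body", "")) > 8192),
        ],
    )
    return WebACL(
        name="demo-acl",
        default_action="ALLOW",
        entries=[
            # Priority 0 runs before the rule group: a payload in a health-check
            # request is never inspected by the SQLi rule in the group.
            Rule("AllowHealthCheck", 0, "ALLOW", lambda r: r["path"] == "/healthz"),
            common,
            Rule("BlockAdminFromInternet", 20, "BLOCK",
                 lambda r: r["path"].startswith("/admin") and not r["ip"].startswith("10.")),
        ],
    )


SAMPLE_REQUESTS = {  # constructed inputs
    "healthcheck_with_sqli": {"path": "/healthz", "ip": "203.0.113.5", "body": "' OR 1=1 --"},
    "search_with_sqli": {"path": "/search", "ip": "203.0.113.5", "body": "' OR 1=1 --"},
    "admin_from_internet": {"path": "/admin/users", "ip": "203.0.113.5", "body": ""},
    "oversized_upload": {"path": "/upload", "ip": "10.0.0.7", "body": "A" * 9000},
}


def run_demo(override_to_count: bool = False) -> Dict[str, Tuple[str, Optional[str], List[str]]]:
    """Evaluate every sample request against the demo web ACL."""
    acl = build_demo_acl(override_to_count)
    return {name: acl.evaluate(req) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for mode in (False, True):
        print(f"override_to_count={mode}")
        for name, (action, rule, counted) in run_demo(mode).items():
            print(f"  {name:24} -> {action:5} by {rule} counted={counted}")
```

Run it and compare the two passes: with the rule group in normal mode the SQL injection payload on `/search` is blocked, but the identical payload on `/healthz` is allowed because the priority-0 allow rule terminates evaluation before the rule group ever sees it. With the group overridden to Count, the SQLi rule only logs and the request falls through to the default action, which is exactly why a count-mode rollout must be paired with alerting rather than treated as protection.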
