
AWS WAF analysis: How it works and how to attack it

Thexssrat
4 min read · Sep 22, 2021


Introduction

AWS has been gaining traction in recent years as an all-in-one cloud platform. Its strength is that you only pay for what you run and that you can scale very quickly when traffic spikes. Recently, for example, Lambdas have been taking over, but this is not without risk. A Lambda can be spun up quickly to absorb any traffic spike. The problem is that this is new technology and it is often misconfigured, which allows attackers to run a company's bill sky-high.

We need protection from these mistakes, but we also cannot trade away any responsiveness. This is a hard task, as any inspection consumes resources and time. Meet the AWS WAF.

What is it?

To protect all these GraphQL endpoints, load balancers, REST API Gateways and CloudFront distributions, we need a solution. AWS created a WAF for this purpose, completing its one-stop-shop reputation.

Cost

These WAFs consist of Web ACLs, rules and rulesets. This is also how Amazon sets up its pricing. AWS calculates the cost in "capacity units", such as the rules that are created or updated, and in the number of requests coming in.

  • A web ACL: $5/mo
  • A rule: $1/mo
  • Req: of requests…
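To make the Web ACL / rule / ruleset structure above concrete, here is an added example of a WAFv2 Web ACL definition in the JSON shape accepted by the AWS WAFv2 API (for instance via `aws wafv2 create-web-acl`). It is not from the original post; the names `example-web-acl`, `RateLimitPerIP`, the 2000-requests limit and the metric names are assumed values chosen for illustration. It contains one Amazon-managed ruleset (the Common Rule Set) and one rate-based rule that blocks a single IP sending an abnormal number of requests in a five-minute window, which is the defensive counterpart to the "run the bill sky-high" scenario from the introduction.

```json
{
  "Name": "example-web-acl",
  "Scope": "REGIONAL",
  "DefaultAction": { "Allow": {} },
  "Rules": [
    {
      "Name": "AWSManagedRulesCommonRuleSet",
      "Priority": 0,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesCommonRuleSet"
        }
      },
      "OverrideAction": { "None": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "CommonRuleSet"
      }
    },
    {
      "Name": "RateLimitPerIP",
      "Priority": 1,
      "Statement": {
        "RateBasedStatement": {
          "Limit": 2000,
          "AggregateKeyType": "IP"
        }
      },
      "Action": { "Block": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "RateLimitPerIP"
      }
    }
  ],
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "ExampleWebACL"
  }
}
```

Mapped onto the price list: this is one Web ACL and two billable rules (a managed ruleset is charged as a rule group rather than per contained rule), plus the per-request charge for every request that reaches the ACL. Separately from pricing, each rule statement consumes WAF capacity units (WCUs) from the Web ACL's capacity budget, so a managed ruleset with many sub-rules costs capacity even though it is one billing line. Keeping `SampledRequestsEnabled` and `CloudWatchMetricsEnabled` on is what lets you later see which rule matched and how often, which is the first thing you need when tuning false positives or investigating a traffic spike.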
