2025-02-14
Hosting an application on the internet exposes it to various threats, including random probing, hacking attempts, and distributed denial of service (DDoS) attacks. While it’s impossible to completely stop bad actors, there are measures you can take to mitigate these risks. One such tool is the AWS Web Application Firewall (WAF), which provides robust protection for your applications.
AWS WAF is a cost-effective solution that offers a wide range of built-in rules to safeguard your web applications. It can be configured to work with various AWS services, including:
- Application Load Balancer (ALB)
- CloudFront CDN
- AppSync GraphQL API
- API Gateway
How to Set Up AWS WAF for DDoS Protection
To protect your AWS ALB from DDoS attacks, follow these steps:
1. Create a Web ACL:
- Navigate to the AWS WAF & Shield console.
- Click on “Create web ACL” and specify the region where your ALB is deployed.
- Define the default action for requests that don’t match any rules (e.g., block or allow).
2. Add Rules to the Web ACL:
- Use AWS Managed Rules to protect against common threats like SQL injection, cross-site scripting (XSS), and known bad IPs.
- Create custom rules to block traffic from specific IP ranges or geolocations.
3. Associate the Web ACL with Your ALB:
- In the AWS WAF console, select your Web ACL and click on “Associated AWS resources.”
- Choose your ALB from the list and confirm the association.
4. Monitor and Adjust:
- Use AWS CloudWatch to monitor traffic patterns and adjust your rules as needed.
- Regularly review AWS WAF logs to identify and respond to new threats.
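The log review in step 4, as an added example that is not part of the original post: a Python script that parses constructed records in the AWS WAF log format, tallies blocks per client IP and per terminating rule, and surfaces rules that matched only in Count mode, which is the signal for deciding when a managed rule group is tuned well enough to switch from counting to its real block action. The rule name RateLimitPerIP and the sample IPs are assumptions.

```python
import json
from collections import Counter

# Constructed sample records in the AWS WAF log format (one JSON object per
# line). IPs are documentation ranges, "RateLimitPerIP" is a hypothetical custom
# rule, and the Web ACL is assumed to have a default action of Allow.
SAMPLE_WAF_LOGS = """\
{"timestamp":1739491200000,"action":"ALLOW","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.10","country":"US","uri":"/","httpMethod":"GET"}}
{"timestamp":1739491201000,"action":"ALLOW","terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","nonTerminatingMatchingRules":[{"ruleId":"AWS-AWSManagedRulesCommonRuleSet","action":"COUNT"}],"httpRequest":{"clientIp":"203.0.113.10","country":"US","uri":"/search","httpMethod":"GET"}}
{"timestamp":1739491202000,"action":"BLOCK","terminatingRuleId":"RateLimitPerIP","terminatingRuleType":"RATE_BASED","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.7","country":"NL","uri":"/","httpMethod":"GET"}}
{"timestamp":1739491202100,"action":"BLOCK","terminatingRuleId":"RateLimitPerIP","terminatingRuleType":"RATE_BASED","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.7","country":"NL","uri":"/","httpMethod":"GET"}}
{"timestamp":1739491202200,"action":"BLOCK","terminatingRuleId":"RateLimitPerIP","terminatingRuleType":"RATE_BASED","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.7","country":"NL","uri":"/","httpMethod":"GET"}}
{"timestamp":1739491203000,"action":"BLOCK","terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","terminatingRuleType":"MANAGED_RULE_GROUP","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"192.0.2.55","country":"DE","uri":"/api/items","httpMethod":"GET"}}
not valid json: a truncated record that the parser must skip
"""

def parse_waf_logs(text):
    """Parse newline-delimited WAF log JSON, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one truncated record must not abort the whole review
    return records

def triage(records, block_threshold=3):
    """Count blocks per client IP and per terminating rule, collect rules that
    only matched in COUNT mode, and list IPs blocked at least block_threshold times."""
    blocked_by_ip = Counter()
    blocked_by_rule = Counter()
    counted_rules = Counter()
    for rec in records:
        ip = rec.get("httpRequest", {}).get("clientIp", "unknown")
        if rec.get("action") == "BLOCK":
            blocked_by_ip[ip] += 1
            blocked_by_rule[rec.get("terminatingRuleId", "unknown")] += 1
        for match in rec.get("nonTerminatingMatchingRules", []):
            if match.get("action") == "COUNT":  # rule matched while overridden to Count
                counted_rules[match.get("ruleId", "unknown")] += 1
    noisy_ips = sorted(ip for ip, n in blocked_by_ip.items() if n >= block_threshold)
    return {"blocked_by_ip": blocked_by_ip, "blocked_by_rule": blocked_by_rule,
            "counted_rules": counted_rules, "noisy_ips": noisy_ips}

if __name__ == "__main__":
    for key, value in triage(parse_waf_logs(SAMPLE_WAF_LOGS)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Run it against a real export by replacing SAMPLE_WAF_LOGS with the file contents; IPs in noisy_ips are candidates for an IP set rule, and a high counted_rules figure for a rule that you have verified is not blocking legitimate traffic means the managed group can move from Count to its normal action.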
Example AWS CLI Commands
Here are some practical commands to manage AWS WAF using the AWS CLI. The account ID, ALB ARN, WEB_ACL_ID and LOCK_TOKEN values are placeholders; scope is REGIONAL because the Web ACL protects an ALB (CloudFront distributions use CLOUDFRONT scope).
- Create a Web ACL:
# Default action Block denies every request that no rule explicitly allows;
# use "Allow={}" if the rules are meant to block only matching traffic.
aws wafv2 create-web-acl \
  --name MyWebACL \
  --scope REGIONAL \
  --default-action "Block={}" \
  --visibility-config "SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=MyWebACLMetric" \
  --region us-east-1
- Add a Managed Rule Group (update-web-acl requires the Web ACL's Id and its current LockToken, both returned by create-web-acl or get-web-acl, and re-states the default action and visibility config):
# A managed rule group takes OverrideAction, not Action: None={} applies the
# group's own block actions, Count={} only records matches while you tune.
aws wafv2 update-web-acl \
  --name MyWebACL \
  --scope REGIONAL \
  --id WEB_ACL_ID \
  --lock-token LOCK_TOKEN \
  --default-action "Block={}" \
  --rules "Name=ManagedRuleGroup,Priority=1,Statement={ManagedRuleGroupStatement={VendorName=AWS,Name=AWSManagedRulesCommonRuleSet}},OverrideAction={None={}},VisibilityConfig={SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=ManagedRuleGroupMetric}" \
  --visibility-config "SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=MyWebACLMetric" \
  --region us-east-1
- Associate the Web ACL with the ALB (the Web ACL ARN ends with the Id returned by create-web-acl):
aws wafv2 associate-web-acl \
  --web-acl-arn arn:aws:wafv2:us-east-1:123456789012:regional/webacl/MyWebACL/WEB_ACL_ID \
  --resource-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-alb/1234567890123456 \
  --region us-east-1
What Undercode Say
Securing your web applications is a critical aspect of modern IT infrastructure. AWS WAF provides a powerful and flexible solution to protect your applications from DDoS attacks and other common threats. By leveraging AWS Managed Rules and custom configurations, you can significantly reduce the risk of malicious activity targeting your ALB, CloudFront, or API Gateway.
In addition to AWS WAF, consider implementing other security best practices such as:
- Regularly updating your software and dependencies to patch vulnerabilities.
- Using strong authentication mechanisms like multi-factor authentication (MFA).
- Encrypting sensitive data both in transit and at rest.
- Monitoring your infrastructure with tools like AWS CloudWatch and AWS GuardDuty.
For further reading, check out the AWS WAF documentation and AWS Security Best Practices.
By combining these strategies, you can create a robust defense against cyber threats, ensuring your applications remain secure and available to legitimate users. Remember, cybersecurity is an ongoing process that requires vigilance, regular updates, and proactive monitoring. Stay informed, stay secure.