AWS WAF

AWSSecurity

Web application firewall that protects against common exploits with managed rule groups, custom rules, rate-based rules, Bot Control, and CAPTCHA challenges

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore AWS in TreemapExplore security in Honeycomb
DocumentationPricing

Attributes

SLA Uptime
99.95%
Cloudfront Integration
Yes
Rate Based Rules
Yes

Sub-services (3)

Web ACLs

Define rules to filter and control web traffic

Managed Rule Groups

Pre-configured rules from AWS and marketplace sellers

Bot Control

Manage and block automated bot traffic

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

38 regions
27 countries
5sovereign
Sovereign regions (5)
  • AWS GovCloud (US-East) · AshburnAWS GovCloud (US)
  • AWS GovCloud (US-West) · HillsboroAWS GovCloud (US)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • China (Beijing) · BeijingAWS China (Sinnet)
  • China (Ningxia) · YinchuanAWS China (NWCD)
Commercial regions (33)

Europe (8)

  • Europe (Paris)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (Milan)
  • Europe (Spain)
  • Europe (Stockholm)
  • Europe (Zurich)
  • Europe (London)

North America (7)

  • Canada West (Calgary)
  • Canada (Central)
  • Mexico (Central)
  • US East (N. Virginia)
  • US West (Oregon)
  • US East (Ohio)
  • US West (N. California)

South America (1)

  • South America (São Paulo)

Asia (11)

  • Asia Pacific (Hong Kong)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Osaka)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Malaysia)
  • Asia Pacific (Singapore)
  • Asia Pacific (Seoul)
  • Asia Pacific (Taipei)
  • Asia Pacific (Thailand)

Oceania (2)

  • Asia Pacific (Melbourne)
  • Asia Pacific (Sydney)

Middle East (3)

  • Middle East (Bahrain)
  • Israel (Tel Aviv)
  • Middle East (UAE)

Africa (1)

  • Africa (Cape Town)

Tags

firewallweb-securityDDoSbot-controlprotection

Equivalent services on other platforms

Alibaba Web Application FirewallAlibaba

Managed WAF protecting web apps from OWASP Top 10 attacks, bot traffic, API abuse, and data scraping, with global and China regional deployment, custom rule engine, and unified consoles across Anti-DDoS and Security Center

Azure Application GatewayAzure

Layer 7 load balancer with integrated web application firewall, SSL termination, URL-based routing, cookie-based session affinity, and autoscaling based on traffic

Cloud ArmorGCP

Edge DDoS protection and web application firewall with managed rule sets for OWASP Top 10, adaptive bot protection, and reCAPTCHA Enterprise integration

Huawei Web Application FirewallHuawei

Managed web application firewall with OWASP Top 10 rule sets, bot management, anti-crawler, CC (challenge-collapsar) attack mitigation, custom rule engine, and regional deployment with integrated DDoS protection

Pricing

Pricing model:pay-as-you-go