concept AWS WAF in category aws
This is an excerpt from Manning's book AWS Security MEAP V03.
5.2.3 When To Use AWS WAF
We've talked a lot about the features of AWS Web Application Firewall, but we haven't really talked about how to know when you should use it. In this section we'll go through a simple framework for deciding whether to enable AWS WAF. This framework is depicted as a flowchart in figure 5.11.
Figure 5.11 Flowchart describing whether AWS WAF can be used for your application and which features may be most useful.
The first question to ask is whether your application is a web application. AWS WAF is a firewall designed specifically for understanding web application traffic, so if you're not running a web application then AWS WAF is probably not going to help you. The next question is whether your application uses an AWS service that supports WAF. The services that support it are API Gateway, ALB, and CloudFront. If your application doesn't use one of these services, then you won't be able to use WAF. Though, you may want to consider using one of them in the future as they are generally the best tools for fronting web applications.