AWS Shield & WAF Infographic

AWS Shield & WAF

The dual-layered defense strategy for protecting your cloud infrastructure against massive DDoS attacks and sophisticated Layer 7 web exploits.

The Security Stack

Shield Standard

Automatic protection for all AWS customers at no extra cost. Defends against the most common Network (L3) and Transport (L4) layer attacks.

  • Always-on Monitoring
  • Static Thresholding

Shield Advanced

Enterprise-grade DDoS protection with 24/7 access to the AWS SRT (Shield Response Team) and cost protection against scaling spikes.

  • Health-based Detection
  • SRT Engagement
  • DDoS Cost Protection

AWS WAF

A web application firewall that lets you monitor HTTP/S requests and control access to your content using custom or managed rules.

  • SQL Injection Blocking
  • Cross-site Scripting (XSS)
  • Bot Control

The Defense Flow

How traffic is scrubbed before reaching your origin

INTERNET Global Traffic AWS SHIELD L3/L4 DDoS Mitigation AWS WAF L7 Inspection & Rules ORIGIN Clean Traffic
Incoming Requests
Packet Inspection
Payload Analysis
Secure Delivery

INTEGRATION

Works seamlessly with CloudFront, ALB, API Gateway, and AppSync.

VISIBILITY

Real-time metrics and logs via CloudWatch and Kinesis Firehose.

MANAGED RULES

Deploy pre-configured rules from AWS or Marketplace partners.

AUTOMATION

Full SDK/CLI support for Infrastructure as Code (Terraform/CDK).

SECURITY ARCHITECTURE

Educational Resource • Layered Security Principles

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top