Protect Your Web-facing Workloads with AWS Security Services

Posted on February 05, 2021

Notes: Protect Your Web-facing Workloads with AWS Security Services

These are notes from this AWS Security course.

Protect Your Web-facing Workloads with AWS Security Services

As network attacks and intrusion attempts become more sophisticated, application developers and network managers have to manage the balance between protecting their boarders from bad guys while still maintaining a positive online presence for their customers. In this course, Shane Baldaccio will guide you through planning and implementing AWS Security Services in conjunction with traditional security services to build an intelligent, self-defending border to protect your mission critical online assets.


OWASP Style attacks

  • SQL Injection
  • Insecurity desearlization
  • XXS

You can see them here

Hacktivists & Crime Syndicates

Terabyte level of botnets firing DDOS attacks at web based services.

Today’s syndicates will rent out botnets by hour.

Various tools:

  • L3-L7 firewalls
  • DDoS Mitigation BGP traffic rerouting
  • Static application security testing
  • Monitor logs

Real solutions

Example company running Wordpress with customizations to integrate with ERP & CRM.

Example wordpress company

Example infrastructure Example infa

Essentially, they have several vulnerabilities in some custom work and plugins on their site. He was able to exploit them.

AWS Shield

AWS Shield helps minimizes application downtime and has a standard version available at no cost.

It helps prevent DDoS attacks and monitors incoming requests.

These protect against network and transport layer attacks.


Web Application firewall that prevents. It lets you block or allow traffic.

Blocks top 10 OWASP style attacks.

Self Defending Borders


Drive configuration of AWS WAF by triggering Step Function and Lambda from WAF result.

This allows you to automatically update your WAFs with developers clicking a button of Approve or Deny for various abnormal requests.

The feedback loop makes your defense stronger and it harder to miss abnormal requests.

AWS Guard Duty

  • Detects unusual API calls
  • Monitors AWS SDK/Console calls