Building a Secure Foundation with WAF, Auto Scaling and Load Balancing

Introduction:

Hello all. Today we'll be exploring the capabilities of AWS Web Application Firewall (WAF) to fortify our infrastructure. Join us as we cover the fundamental aspects of WAF and work through a hands-on project to strengthen the security of our web applications.


Understanding AWS Web Application Firewall (WAF):

AWS Web Application Firewall (WAF) stands as a crucial defence mechanism against malicious attacks targeting web applications. This powerful tool empowers you to establish custom rules, offering a vigilant monitoring system for both HTTP and HTTPS requests. Seamlessly integrated with Amazon CloudFront and Application Load Balancers, WAF provides meticulous control over the incoming traffic to your applications.

To kickstart this journey, navigate to the AWS WAF console. Here, we will guide you through the creation of WebACLs (Access Control Lists), enabling you to define rules that dictate the allowance or denial of specific requests. These rule sets encompass various conditions, including IP addresses, geographic locations, and even custom rules based on the content of the requests. Let's reinforce our security posture with the versatility of AWS WAF!


Hands-On Project: Building a Secure Infrastructure

Step 1 - Creating a Launch Template:

Our first step is to create a Launch Template, a powerful resource that defines the parameters for launching instances within our Auto Scaling Groups.

  1. In the EC2 Dashboard, find the "Launch Templates" section.

  2. Click "Create Launch Template" and configure the necessary settings, including the Amazon Machine Image (AMI), instance type, and storage.

  3. In the "Advanced Details" section, under "User data," paste the following script to deploy a todo list web app from a Docker image:

         #!/bin/bash
         # User data runs as root on first boot; apt-get assumes an Ubuntu/Debian AMI.

         # Update the package list
         sudo apt-get update -y

         # Install Docker, start it now and enable it on every boot
         sudo apt-get install -y docker.io
         sudo systemctl start docker
         sudo systemctl enable docker

         # Pull the Docker image from DockerHub
         # (Docker repository names must be lowercase)
         sudo docker pull vishalkumargit/todo-app:latest

         # Run the container in the background, mapping host port 80 to container port 8001
         sudo docker run -d -p 80:8001 vishalkumargit/todo-app:latest

  4. Save the template.

Step 2 - Auto Scaling Group (ASG):

Now, let's use the Launch Template to set up an Auto Scaling Group, ensuring our applications can handle varying workloads seamlessly.

  1. In the EC2 Dashboard, under "Auto Scaling Groups," click "Create Auto Scaling Group."

  2. Select the Launch Template you created earlier.

  3. Configure scaling policies, desired capacity, and other parameters.


Step 3 - Application Load Balancer (ALB):

With our Auto Scaling Group in place, it's time to distribute traffic efficiently using an Application Load Balancer.

  1. In the EC2 Dashboard, navigate to "Load Balancers" and click "Create Load Balancer."

  2. Choose "Application Load Balancer" and configure the settings, including listener configurations.

  3. Add the instances from your Auto Scaling Group to the target group.


Securing Your Infrastructure with WAF:

Step 4 - Configuring WAF WebACL:

Now that our infrastructure is set up, let's enhance its security by configuring a WebACL in WAF.

  1. In the AWS WAF console, go to WebACLs and click "Create WebACL."

  2. Define the conditions for your WebACL, specifying the rules to allow or block requests.

  3. Associate the WebACL with your Application Load Balancer.

By configuring a WAF WebACL, you add an additional layer of protection to your applications, safeguarding them against various cyber threats.
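The WebACL from Step 4 can also be defined in code. The following is an added example, not part of the original walkthrough: it builds the request for the `wafv2` API with a geographic block, a per-IP rate limit and the AWS managed common rule set, checks the definition, and associates it with the ALB. The ACL name, rule names, country code and limit are constructed placeholders, and `deploy` assumes boto3 and AWS credentials are available.

```python
import json

def _vis(metric):
    # Every rule and the ACL itself need a VisibilityConfig for metrics/sampling.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric}

def build_web_acl(name, blocked_countries, rate_limit):
    """Build keyword arguments for wafv2 create_web_acl; REGIONAL scope is for ALBs."""
    rules = [
        {"Name": "geo-block", "Priority": 0, "Action": {"Block": {}},
         "Statement": {"GeoMatchStatement": {"CountryCodes": blocked_countries}}},
        {"Name": "rate-limit-per-ip", "Priority": 1, "Action": {"Block": {}},
         "Statement": {"RateBasedStatement": {"Limit": rate_limit,
                                              "AggregateKeyType": "IP"}}},
        # Managed rule groups carry their own actions, so they take
        # OverrideAction instead of Action.
        {"Name": "aws-common", "Priority": 2, "OverrideAction": {"None": {}},
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}}},
    ]
    for rule in rules:
        rule["VisibilityConfig"] = _vis(rule["Name"])
    return {"Name": name, "Scope": "REGIONAL", "DefaultAction": {"Allow": {}},
            "Rules": rules, "VisibilityConfig": _vis(name)}

def check_web_acl(acl):
    """Return a list of problems worth catching before calling the API."""
    problems = []
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(set(priorities)) != len(priorities):
        problems.append("duplicate rule priority")
    for r in acl["Rules"]:
        managed = "ManagedRuleGroupStatement" in r["Statement"]
        wanted, wrong = (("OverrideAction", "Action") if managed
                         else ("Action", "OverrideAction"))
        if wanted not in r or wrong in r:
            problems.append(f"{r['Name']}: must use {wanted}, not {wrong}")
    return problems

def deploy(acl, alb_arn, region):
    """Create the WebACL and attach it to the load balancer (needs boto3 + credentials)."""
    import boto3
    waf = boto3.client("wafv2", region_name=region)
    arn = waf.create_web_acl(**acl)["Summary"]["ARN"]
    waf.associate_web_acl(WebACLArn=arn, ResourceArn=alb_arn)
    return arn

if __name__ == "__main__":
    acl = build_web_acl("todo-app-acl", ["ZZ"], 1000)  # constructed placeholder values
    print(check_web_acl(acl) or json.dumps(acl, indent=2))
```

Replace the placeholder country code with the ISO 3166-1 alpha-2 codes you actually need to block, and pass your load balancer's ARN and region to `deploy`.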

Step 5 - Testing the Todo App:

It's time to put our todo list web app to the test. Open your web browser and navigate to:

http://<Your_Load_Balancer_DNS_Name>:80

Replace <Your_Load_Balancer_DNS_Name> with the DNS name of your Application Load Balancer. If everything is configured correctly, you should see your todo list web app in action. Congratulations on successfully deploying and testing your application!


Conclusion:

Congratulations! We have successfully strengthened our AWS infrastructure. Understanding the nuances of AWS Web Application Firewall and implementing a secure project with launch templates, auto-scaling groups, and application load balancers are crucial steps in our AWS journey.

Stay tuned; we'll explore more AWS services to optimize and enhance your cloud experience. Remember, each day brings us closer to mastering the art of AWS.
