Security is a shared responsibility between AWS and the customer, with responsibility boundaries that vary depending on factors such as the AWS services used. For example, when you build your web application with AWS services such as Amazon CloudFront, Amazon API Gateway, Application Load Balancer, or AWS AppSync you are responsible of protecting your web application at Layer 7 of the OSI Model. AWS WAF is a tool that helps you protect web applications by filtering and monitoring HTTP(S) traffic, including traffic from the public internet. Web application firewalls (WAFs) protect applications at the application layer from common web exploits that can affect application availability, compromise security, and consume excessive resources. For example, you can use AWS WAF to protect against attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among other threats in the OWASP Top 10. This layer of security can be used together with a suite of tools to create a holistic defense-in-depth architecture.
