AWS WAF
Use this page as a service-specific case-study starter for architecture, simulation, and optimization scenarios in pinpole.cloud.
Why this service matters
AWS WAF protects web applications from common exploits.
Power:
- Rate-based rules for DDoS mitigation
- Managed rule groups (OWASP, Bot Control, Account Takeover)
- Custom rules with regex, geo-match, IP sets
- Integration with CloudFront, ALB, API Gateway, AppSync
- Real-time metrics and sampled requests
Important workflows
- Design: Configure service behavior for your workload.
Configuration sections
- Why WAF (Power + Limits)
- WAF Settings
- Service Quotas
Key configuration points
| Point | Default / Value | Category |
|---|---|---|
| Enabled | true | WAF Settings |
| Default Action | allow | WAF Settings |
| Rate Limit (requests per 5 min per IP) | 2000 | WAF Settings |
| Enable AWS Managed Rules | true | WAF Settings |
| Enable Bot Control | false | WAF Settings |
| Enable Logging | true | WAF Settings |
| Web ACLs per region | 100 | Service Quotas |
| Rules per web ACL | 100 | Service Quotas |
| WCU per web ACL | 5000 | Service Quotas |
| IP sets per region | 100 | Service Quotas |
| IP addresses per IP set | 10000 | Service Quotas |
| Regex pattern sets per region | 10 | Service Quotas |