Getting started with Amazon WAF using the updated console experience - Amazon WAF, Amazon Firewall Manager, Amazon Shield Advanced, and Amazon Shield network security director
Access the new console experienceGet started with a protection pack
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Introducing a new console experience for Amazon WAF

You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see Working with the updated console experience.

Getting started with Amazon WAF using the updated console experience

This section guides you through setting up Amazon WAF using the new updated console experience, which provides simplified configuration workflows and enhanced security management capabilities.

Access the new console experience

To access the new Amazon WAF console experience:

Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at https://console.amazonaws.cn/wafv2/homev2.

  • In the navigation pane, locate and select Try the new experience.

Note

You can switch between console experiences at any time using the link in the navigation pane.

Get started with a protection pack

This tutorial shows you how to create and configure a protection pack to protect your applications. Protection packs provide pre-configured security rules tailored to specific workload types.

In this tutorial, you'll learn how to:

  • Create a protection pack

  • Configure application-specific protection settings

  • Add Amazon resources to protect

  • Choose and customize protection rules

  • Configure logging and monitoring

Note

Amazon typically bills you less than US $0.25 per day for the resources that you create during this tutorial. When you're finished, we recommend that you delete the resources to prevent incurring unnecessary charges.

Step 1: Set up Amazon WAF

If you haven't already followed the general setup steps in Setting up your account to use the services, do that now.

Step 2: Create a protection pack

In this step, you'll create a protection pack and configure its basic settings to match your application type.

  1. Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at https://console.amazonaws.cn/wafv2/homev2.

  2. In the navigation pane, choose Resources & protections.

  3. On the Resources & protections page, choose Add protection pack.

  4. Under Tell us about your app, for App category, select one or more app categories that best describe your application.

  5. For Traffic source, choose the type of traffic your application handles:

    • API - For API-only applications

    • Web - For web-only applications

    • Both API and Web - For applications that handle both types of traffic

Step 3: Add resources to protect

Now you'll specify which Amazon resources to protect with your protection pack.

  1. Under Resources to protect, choose Add resources.

  2. Choose the category of Amazon resource to associate with this protection pack:

    • Amazon CloudFront distributions

    • Regional resources

    For more information about resource types, see Associating protection with an Amazon resource.

Step 4: Choose protection rules

In this step, you'll select the protection rules for your protection pack. For first-time users, we recommend choosing the Recommended option.

Amazon WAF generates Recommended protection packs for you based on your selections in the Tell us about your app section. These packs implement security best practices for your application type.

  • Choose Next to continue with the protection pack setup.

Note

If you're interested in creating custom rules or using the You build it option, we recommend first gaining experience with the pre-configured options. For more information about creating custom protection packs and rules, see Creating a protection pack or web ACL in Amazon WAF.

Step 5: Customize protection pack settings

Now you'll configure additional settings like default actions, rate limits, and logging.

  1. Under Name and description, enter a name for your protection pack. Optionally, enter a description.

    Note

    You can't change the name after you create the protection pack.

  2. Under Customize protection pack, configure the following settings:

    1. Under Default rule actions, choose the default action for requests that don't match any rules. For more information, see Customized web requests and responses in Amazon WAF.

    2. Under Rule configuration, customize these settings:

      • Default rate limits - Set limits to protect against DDoS attacks

      • IP Addresses - Configure IP allow/block lists

      • Country specific origins - Manage access by country

    3. For Logging destination, configure where you want to store logs. For more information, see Amazon WAF logging destinations.

  3. Review your settings and choose Add protection pack.

Step 6: Clean up your resources

You've now successfully completed the tutorial. To prevent your account from accruing additional Amazon WAF charges, you should either delete the protection pack you created or modify it to match your production needs.

To delete your protection pack

  1. In the navigation pane, choose Resources & protections.

  2. Select the protection pack you created.

  3. Choose the trash icon, then confirm the deletion by typing "delete".

Note

If you plan to use this protection pack in production, instead of deleting it, you should review and adjust the protection settings to match your application's security requirements.