Since serverless is designed to scale to infinity, one of the questions we get asked very often is whether a DDoS attack on the serverless application can result in a hefty Cloud Bill. One way to prevent this is to have rate limiting on API Gateway in place so that the serverless application doesn’t scale to unexpected levels and end up using all underlying resources. By Vishwasa Navada K.
Other than rate limiting at the API Gateway level, AWS offers a service called WAF (Web Application Firewall) that is dedicated to protecting the internet-facing services of AWS like API Gateway, AppSync, App Runner, Application Load Balancer, CloudFront, and Cognito.
WAF offers various predefined configurations to protect the applications from known threats like DDoS, SQL Injection, and XSS. WAF calls these configurations Managed Rules. You could write up your own Rules, or use various rules that are available to use on the WAF Console. A few of these are free to use and provided by AWS, while you could find advanced rules from third-party providers through AWS Marketplace. For details follow the link to full article. Nice one!
[Read More]