AWS Amplify Hosting Adds Web Application Firewall Protection – Public Preview

Today, AWS Amplify Hosting is launching new Firewall capabilities that will allow developers to protect and further secure their web applications. This is a direct integration with AWS WAF, allowing Amplify developers to connect a Web ACL directly to their Amplify hosted application. A web firewall is essential for professional developers to protect their applications from common web exploits, enhance security, and ensure compliance. It offers features like IP blocking/allowlisting, geo-restrictions, and protection against bot traffic. By providing WAF, Amplify customers can significantly improve their application’s security posture, mitigate risks, and maintain the integrity of their data and user experience.

AWS WAF is a full service offering that lets customers configure a set of rules, called a web access control list (web ACL), that allow, block, or monitor (count) web requests based on customizable web security rules and conditions that you define. When you integrate your Amplify Hosting app with AWS WAF, you gain more control over incoming traffic. To learn more about AWS WAF, see How AWS WAF Works in the Developer Guide.

If you are new to the AWS WAF service, Amplify Hosting has made it easy for developers to set up—

• IP Blocking – Restrict web traffic by allowing or blocking requests from specified IP address ranges
• Geo Restriction – allow or block access based on specific countries
• Firewall protections – general firewall protections to protect against the most common vulnerabilities found in web applications, block IP addresses from potential threats based on Amazon internal threat intelligence, and protect against malicious actors discovering application vulnerabilities.
• Disable Amplify URL – restrict access to the default Amplify generated amplifyapp.com domain (useful once you add a custom domain to prevent bots and search engines from crawling the domain)

As a reminder, protections enabled through the Amplify console, will be applied to an underlying Web ACL in your AWS account. For fine-grained rulesets, developers can leverage the WAF console rule builder.

Getting Started

To get started with associating WAF to your app, please follow our public documentation.

Availability and pricing

Firewall support is available today, in preview, in all AWS Regions that Amplify Hosting operates except for the opt-in regions. This integration falls under a WAF global resource, similar to CloudFront. Web ACLs can be attached to multiple Amplify Hosting apps, but they must reside in the same region.

During the preview, you will only incur utilization-based charges from the WAF service. At a glance, WAF charges $5/month per web ACL and $1 per rule among other charges. See WAF pricing. At a minimum, you will pay $7 for this integration assuming the 1 web ACL with 2 rules.

Additionally, Amplify Firewall capabilities will require subscribing to a new Amplify Hosting advanced tier. This tier will include other features at launch. During the preview, enabling the Amplify Firewall will auto-subscribe you to this advanced tier, but there will be no additional charge until the Amplify Firewall feature goes GA. At anytime, you can remove the Amplify Firewall and you will not be charged post GA. All specific pricing details of this tier will be communicated at general availability. There are no commitments or upfront investments.

Next steps

Add firewall protections to your app today, by visiting the AWS Amplify console.