1. AWS Network Firewall
- Purpose: Network-level protection for your VPC traffic.
- Layer: Operates at OSI Layer 3/4 (network layer).
- Works on: Traffic entering or leaving your VPC subnets (TCP/UDP, IP traffic).
Capabilities:
- Stateful inspection
- Intrusion detection/prevention (IDS/IPS)
- Domain filtering
- Protocol filtering
- Custom firewall rules
Typical use case:
Protecting entire VPCs or subnets, filtering all inbound/outbound traffic — similar to an on-prem network firewall.
2. AWS WAF (Web Application Firewall)
- Purpose: Application-layer protection.
- Layer: Operates at OSI Layer 7 (HTTP/HTTPS).
- Works on: Web traffic going to your application endpoints (CloudFront, ALB, API Gateway, AppSync).
Capabilities:
- Protection against web attacks (SQL injection, XSS, bot traffic).
- URL/path-based filtering.
- Rate limiting.
- IP whitelisting/blacklisting.
Typical use case:
Protecting web applications from application-layer attacks.
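The difference between the two services is easiest to see in what you actually hand to the API. The following example is added here and is not code from the page or from AWS: it builds, without calling AWS, the `boto3`-shaped request payloads for a Network Firewall stateful rule group (Suricata-syntax rules doing protocol filtering on ports and domain filtering on the TLS SNI, i.e. Layer 3/4) and for a WAF web ACL (IP deny list, per-IP rate limit, URL-path block, and the AWS managed common rule set for SQLi/XSS, i.e. Layer 7). Every name, ARN, domain, port and limit is a constructed placeholder, and `validate()` is a local pre-flight check of this example's own design.

```python
"""Added example (not from the original page or from AWS): build the request
payloads boto3 would send for a Network Firewall stateful rule group and a
wafv2 web ACL, then sanity-check them locally. Nothing here calls AWS."""
import json
import re

# --- AWS Network Firewall (Layer 3/4): Suricata-compatible stateful rules ---
# Network Firewall accepts Suricata rule text through RulesSource.RulesString.
SURICATA_RULE = ('{action} {proto} $HOME_NET any -> $EXTERNAL_NET {port} '
                 '(msg:"{msg}"; {opts}sid:{sid}; rev:1;)')


def build_network_firewall_rules(deny_ports, allowed_sni_suffixes, base_sid=1000001):
    """Protocol filtering (drop outbound TCP to listed ports) plus domain
    filtering (pass TLS whose SNI ends with an allowed suffix, drop other TLS).
    Ports, suffixes and sids are constructed placeholders."""
    rules, sid = [], base_sid
    for port in deny_ports:
        rules.append(SURICATA_RULE.format(action="drop", proto="tcp", port=port,
                     msg=f"deny outbound tcp/{port}", opts="", sid=sid))
        sid += 1
    for suffix in allowed_sni_suffixes:
        rules.append(SURICATA_RULE.format(action="pass", proto="tls", port=443,
                     msg=f"allow sni {suffix}",
                     opts=f'tls.sni; content:"{suffix}"; endswith; ', sid=sid))
        sid += 1
    # Catch-all drop for TLS that no pass rule matched (relies on strict order).
    rules.append(SURICATA_RULE.format(action="drop", proto="tls", port=443,
                 msg="deny all other sni", opts="", sid=sid))
    return rules


def network_firewall_rule_group_request(name, rules, capacity=100):
    """kwargs for network-firewall CreateRuleGroup. STRICT_ORDER makes the
    pass rules above win before the final drop is reached."""
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "RuleGroup": {
            "RulesSource": {"RulesString": "\n".join(rules)},
            "StatefulRuleOptions": {"RuleOrder": "STRICT_ORDER"},
        },
    }


# --- AWS WAF (Layer 7): rules over HTTP request content ---
def _vis(metric):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric}


def waf_web_acl_request(name, scope, denylist_ipset_arn, rate_limit, admin_path="/admin"):
    """kwargs for wafv2 CreateWebACL: IP deny list, per-IP rate limit,
    path block, and an AWS managed rule group (SQLi/XSS signatures)."""
    rules = [
        {"Name": "block-denylisted-ips", "Priority": 0,
         "Statement": {"IPSetReferenceStatement": {"ARN": denylist_ipset_arn}},
         "Action": {"Block": {}}, "VisibilityConfig": _vis("BlockDenylistedIps")},
        {"Name": "rate-limit-per-ip", "Priority": 1,
         "Statement": {"RateBasedStatement": {"Limit": rate_limit, "AggregateKeyType": "IP"}},
         "Action": {"Block": {}}, "VisibilityConfig": _vis("RateLimitPerIp")},
        {"Name": "block-admin-path", "Priority": 2,
         "Statement": {"ByteMatchStatement": {
             "SearchString": admin_path.encode(),      # Blob in the API
             "FieldToMatch": {"UriPath": {}},
             "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
             "PositionalConstraint": "STARTS_WITH"}},
         "Action": {"Block": {}}, "VisibilityConfig": _vis("BlockAdminPath")},
        # Managed rule groups take OverrideAction instead of Action.
        {"Name": "aws-common-rules", "Priority": 3,
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
         "OverrideAction": {"None": {}}, "VisibilityConfig": _vis("AwsCommonRules")},
    ]
    return {"Name": name, "Scope": scope, "DefaultAction": {"Allow": {}},
            "Rules": rules, "VisibilityConfig": _vis(name)}


SID_RE = re.compile(r"sid:(\d+);")


def validate(nfw_request, waf_request):
    """Local pre-flight checks (this example's own): unique Suricata sids,
    unique WAF priorities, and exactly one of Action/OverrideAction per rule."""
    sids = SID_RE.findall(nfw_request["RuleGroup"]["RulesSource"]["RulesString"])
    if len(sids) != len(set(sids)):
        raise ValueError("duplicate Suricata sid")
    prios = [r["Priority"] for r in waf_request["Rules"]]
    if len(prios) != len(set(prios)):
        raise ValueError("duplicate WAF rule priority")
    for r in waf_request["Rules"]:
        if ("Action" in r) == ("OverrideAction" in r):
            raise ValueError(f"rule {r['Name']} needs exactly one of Action/OverrideAction")
    return True


if __name__ == "__main__":
    nfw = network_firewall_rule_group_request(
        "egress-policy", build_network_firewall_rules([23, 3389], [".example.com"]))
    waf = waf_web_acl_request(
        "app-acl", "REGIONAL",
        "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/PLACEHOLDER/PLACEHOLDER", 2000)
    validate(nfw, waf)
    print(nfw["RuleGroup"]["RulesSource"]["RulesString"])
    print(json.dumps(waf, indent=2, default=lambda b: b.decode()))
```

The two payloads make the layering concrete: the Network Firewall request never mentions a URL, header or payload, only protocols, ports and the SNI, while every WAF statement inspects some part of an HTTP request. In a real deployment the Network Firewall rule group is attached to a firewall policy on the VPC's firewall subnets, and the web ACL is associated with the ALB, CloudFront distribution, API Gateway stage or AppSync API that fronts the application.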
Quick analogy
- Network Firewall = a network security guard who inspects all traffic coming into/out of your building and stops suspicious connections.
- WAF = a web application security guard who checks the content of requests to your web app and blocks malicious payloads.
If the question says “traffic inspection + filtering at the VPC/network level” → AWS Network Firewall.
If it says “protect my web application from attacks” → AWS WAF.