Hi everyone,
I'm reaching out for advice on optimizing the cost associated with my Tier 2 AWS WAF configuration. My current monthly bill is around $1,000, which seems high for my needs.
My Setup:
WAF Tier: Tier 2
Request Volume: 825586 requests per month
WAF Tier: Tier 1
Request Volume: 34189 requests per month
Current Web ACLs:
We have a total of 5 Web ACLs deployed across development, staging, and production environments.
These Web ACLs share some custom rules:
jQuery-File-Upload_php
Whitelist
Whitelisted_IPs
Blacklist
FenceAllowed
BlockIPv4Requests
GeoFence
Additionally, they leverage the following AWS Managed Rule Sets:
AWS-AWSManagedRulesSQLiRuleSet
AWS-AWSManagedRulesCommonRuleSet
AWS-AWSManagedRulesWordPressRuleSet (if applicable)
AWS-AWSManagedRulesPHPRuleSet (if applicable)
AWS-AWSManagedRulesKnownBadInputsRuleSet
AWS-AWSManagedRulesAmazonIpReputationList
AWS-AWSManagedRulesAnonymousIpList
AWSManagedRulesLinuxRuleSet (if applicable)
Cost Reduction Strategies:
I've been exploring cost-saving techniques and found resources suggesting:
Traffic Analysis: Differentiate legitimate traffic from potential attacks to focus WAF inspection on critical areas.
Rule Set Optimization: Review and potentially remove redundant or overly broad rules that might be unnecessarily inspecting requests.
WCUs and Rule Complexity: Evaluate if Tier 1 could be sufficient if my rules don't require high capacity or body inspection.
My Questions:
Additional Strategies: Are there other effective cost optimization strategies for Tier 2 WAF that I might be overlooking?
Tier 1 vs. Tier 2: Considering my current setup, would migrating to Tier 1 be a viable option without significantly compromising security?
Alternative Solutions: Are there cost-effective alternatives for basic web application security if WAF seems like overkill for my use case?
I appreciate any insights or recommendations the community can offer.
Thanks!
Yes, Tier 2 costs come from WCUs, and yes, a few of the web ACLs exceed the amount in Tier 1 pricing. Any suggestions on what can be done?