[Doggie World with AWS WAF, Load-Balancer, Amazon Inspector, CloudFront and Amazon Aurora Serverless]

Reginald Bratton
6 min read · Oct 29, 2023


[Living in a Doggie World]


Karl’s K-9 Kennel has engaged RB’s consulting services because he has a website he wants to revamp. Karl’s Kennel not only sells dogs but also offers dog services such as training and dog walking tips, and he needs to store his customers’ info for his reward program as well. The traffic for his website varies day to day, but when he has a “litter drop” the traffic on his website spikes and the site sometimes crashes. Karl has grown frustrated and is losing potential business, and he has some frustrated loyal customers.


For this business solution we are going to need a few AWS Services:

We will start at the top right with (customers), which in this case will be Karl. We will use Amazon CloudFront for our content delivery, and the content will be his website. You can store the website’s pics of your doggies in an S3 bucket, but one is not listed on our diagram. When Amazon CloudFront delivers content you will need some level of protection. If you are storing customers’ info, or if you are running a business reliant on sales, how would you like a pirate attack on your site where they take over your site and demand a ransom? Or your loyal customers getting their IDs stolen? Both would be catastrophic! In this scenario you would need AWS WAF (Web Application Firewall).

AWS WAF is a necessary service, and with it you can create inbound/outbound rules based on IP (Internet Protocol) addresses. If you have a public website, you allow traffic from all IP addresses, which would be your customers. You configure AWS WAF to decide how to deal with incoming HTTP traffic. If you know the IP address of a bad actor, you can provision a rule to block that IP address from connecting to your website (WAF managed rule).
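A simplified offline model of that setup, added here as an illustration (it is not the author's code and does not call the AWS API): the default action allows everyone, and one rule blocks a constructed list of known-bad CIDR ranges. The dictionary keys, the rule name and the `evaluate` function are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: documentation-range addresses standing in for
# the IPs of known bad actors. Entries are CIDR blocks.
KNOWN_BAD_CIDRS = ["203.0.113.0/24", "198.51.100.7/32"]

# Hypothetical web ACL: a default action plus prioritised rules.
WEB_ACL = {
    "DefaultAction": "Allow",  # public site: customers are allowed in
    "Rules": [
        {"Name": "block-known-bad-ips", "Priority": 0,
         "Action": "Block", "Cidrs": KNOWN_BAD_CIDRS},
    ],
}


def evaluate(web_acl, source_ip):
    """Return (action, rule_name) for one request.

    Rules are checked lowest priority number first; the first rule whose
    CIDR list contains the source IP decides. If none match, the default
    action applies.
    """
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if any(addr in ipaddress.ip_network(c) for c in rule["Cidrs"]):
            return rule["Action"], rule["Name"]
    return web_acl["DefaultAction"], "default"


if __name__ == "__main__":
    # Constructed request sources: two on the block list, two ordinary visitors.
    for ip in ["203.0.113.45", "198.51.100.7", "198.51.100.8", "192.0.2.10"]:
        print(ip, *evaluate(WEB_ACL, ip))
```

Note that `198.51.100.8` is allowed: a `/32` entry blocks exactly one address, so a block list only stops the addresses it actually names.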

Now when you are delivering content you will need to make sure it’s highly available. Karl’s K-9 Kennel website is receiving so much traffic, so how can I make sure it’s highly available and does not get shut down or time out when a bunch of user requests come in? You would use an Application Load Balancer! You can compare a load balancer to the line at the grocery store: if there are 3 lines open and you have 10 customers trying to check out, there shouldn’t be 10 customers in 1 line. The load balancer spreads the traffic (customers) across the lines. In our illustration the Application Load Balancer spreads the traffic to our two web servers (EC2 instances).

Our website rule is to allow all inbound traffic for our customers because they want to buy a puppy from us, but how could we find out that we might have a bad actor? A bad actor is somebody portraying a customer who is really looking to get our customers’ data. AWS WAF helps block out these potential risks, and Amazon Inspector automatically scans our resources (EC2 servers) for any vulnerabilities.

Bob, Alice and Trudy. Who’s the bad actor?

Let’s dig a little deeper:

Remember scalability: as long as traffic (customer requests) is coming in, it is getting routed to a web server to ensure the site is highly available. To provide even more protection for our resources in the cloud, AWS provides a service called Amazon Inspector. The broken line of the Auto Scaling group just shows the isolation of the web servers (EC2 instances). Isolating our server resources helps provide security for our website.

broken orange lines=auto scaling group

Amazon Inspector runs vulnerability scans across your web servers (EC2 instances). It continually scans AWS workloads for software vulnerabilities and unintended network exposure, and it runs these vulnerability tests automatically. Amazon Inspector creates a finding when it discovers a software vulnerability or network configuration issue. A finding describes the vulnerability, identifies the affected resource, rates the severity of the vulnerability, and provides remediation guidance.

Example of what the findings would look like

The beauty of the findings is that you can prioritize your security needs, because they are broken down by severity: Critical (not shown), medium, low, and informational.
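One way to turn that severity breakdown into a work queue, as an added example that is not part of the original post: it orders findings by severity and flags any server that has both a software vulnerability and a network exposure finding at medium severity or above. The findings are constructed samples with a simplified, flattened shape; the instance names, titles and the `triage` function are assumptions.

```python
from collections import defaultdict

# Severity labels Amazon Inspector assigns to findings, most urgent first.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL", "UNTRIAGED"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample findings, trimmed to the fields the text describes:
# what was found, the affected resource, the severity, and the remediation.
FINDINGS = [
    {"title": "Outdated openssl package", "type": "PACKAGE_VULNERABILITY",
     "severity": "MEDIUM", "resource": "i-web-server-1",
     "remediation": "Update openssl to the fixed version"},
    {"title": "Port 22 reachable from the internet", "type": "NETWORK_REACHABILITY",
     "severity": "MEDIUM", "resource": "i-web-server-1",
     "remediation": "Restrict the security group to known admin IPs"},
    {"title": "Outdated kernel package", "type": "PACKAGE_VULNERABILITY",
     "severity": "CRITICAL", "resource": "i-web-server-2",
     "remediation": "Apply the kernel update and reboot"},
    {"title": "Port 443 reachable from the internet", "type": "NETWORK_REACHABILITY",
     "severity": "INFORMATIONAL", "resource": "i-web-server-1",
     "remediation": "No action if this is the intended web port"},
]


def triage(findings):
    """Return (findings ordered by severity, resources both exposed and vulnerable)."""
    unknown = len(RANK)  # unrecognised severities sort last
    ordered = sorted(findings, key=lambda f: RANK.get(f["severity"], unknown))
    types_by_resource = defaultdict(set)
    for f in findings:
        # Only MEDIUM and above count toward the combined-risk flag.
        if RANK.get(f["severity"], unknown) <= RANK["MEDIUM"]:
            types_by_resource[f["resource"]].add(f["type"])
    both = {"PACKAGE_VULNERABILITY", "NETWORK_REACHABILITY"}
    flagged = sorted(r for r, t in types_by_resource.items() if both <= t)
    return ordered, flagged


if __name__ == "__main__":
    ordered, flagged = triage(FINDINGS)
    for f in ordered:
        print(f["severity"], f["resource"], f["title"], "->", f["remediation"])
    print("Exposed and vulnerable:", flagged)
```

The flagged list matters because two medium findings on the same server, one for reachability and one for a vulnerable package, can deserve attention before an isolated finding of the same severity elsewhere.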

To wrap up today’s business solution: we have collaborated with Karl’s K-9 Kennel and used Amazon CloudFront to revamp a highly available website. We set up our AWS WAF rules for inbound traffic. We set up a WAF managed rule to block some bad actors we have found. We have delivered the content (his website), so next we need the Application Load Balancer. When customers are trying to visit our site, it needs to be available. More requests mean more load that needs to be balanced across our web servers (EC2 instances). We have requests coming through the web that we need to automatically check to ensure all of the requests are good requests and that there are no bad actors, so Amazon Inspector does the vulnerability scans. When using the AWS console, responsibility is shared between AWS and the customer. You configure the rules for your AWS WAF and AWS makes sure they are working. Karl would be responsible for whatever he puts into the cloud (pics of dogs, customers’ payment types, addresses, etc.) and AWS is responsible for the resources of the cloud.

Karl needs a database for all 200 dogs along with their prices, and he needs the capacity to scale up or down depending on how many dogs are available at one time or on requests for in-house showings with clients who are picking up their new little puppy. When you need those resources, Amazon Aurora Serverless automatically starts up, shuts down and scales capacity up or down based on the application’s needs.

Think how difficult it could be to manage a puppy profile every time you sold a new puppy. Remember, you have over 200 dogs! You can create the database of puppies, specify the desired database capacity range and connect it to your application, while only paying per second for the database capacity that you use when the database is active.

Another satisfied customer!

Hope you all have enjoyed my post! Thanks for reading :)

Let’s connect and/or build something together. If you need any consulting work, feel free to reach out to RB Consulting! lol

LinkedIn: https://www.linkedin.com/in/reginald-bratton-388a0754/
