Try our new research platform with insights from 80,000+ expert users
AWS WAF Logo

AWS WAF pros and cons

Vendor: Amazon Web Services (AWS)
4.0 out of 5
Badge Leader
Leave a review

Pros & Cons summary

AWS WAF excels in blocking threats to external applications with a scalable, cloud-native design for seamless AWS integration. It offers fast deployment and protects against cyber attacks, including SQL injections and DDoS, with customizable rules. Users note the need for improved automation, a simpler pricing structure, enhanced security features, and AI integration. AWS WAF should expand third-party compatibility and improve managed rule sets for better protection.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

AWS WAF excels in blocking threats to external applications and offers an extra layer of security to web applications.
This service is scalable and cloud-native, enabling seamless integration with AWS services.
AWS WAF offers simplicity in setup and configuration, allowing for deployment in just a few minutes.
The tool's ability to filter and protect against various cyber attacks, including SQL injections and DDoS attacks, is highly valuable.
AWS WAF supports customization, allowing users to create specific rules for IP addresses, geographical locations, and HTTP headers.

CONS

Users emphasize the need for AWS WAF to enhance its automation capabilities, especially in rule management, to reduce manual efforts.
The current security features of AWS WAF may not be sufficient to combat evolving threats like DDoS and should be improved with more advanced capabilities.
There is feedback that AWS WAF's pricing structure is complex and could be more intuitive to better assist users in cost management.
AWS WAF should integrate AI or machine learning for real-time threat detection and proactive security measures.
There are calls for AWS WAF to expand compatibility with third-party services and improve managed rule sets to enhance its protective capabilities.
 

AWS WAF Pros review quotes

CL
Carlo Lainer
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Mar 11, 2019
The most valuable feature is the way it blocks threats to external applications.
Read full review
Founder4214 - PeerSpot reviewer
Founder4214
Founder at a consultancy with 1-10 employees
Mar 11, 2019
It is a one-click WAF with no effort needed.
Read full review
Engineera5be - PeerSpot reviewer
Engineera5be
Engineer at a tech vendor with 501-1,000 employees
Mar 11, 2019
It's simple, easy to use.
Read full review
Buyer's Guide
AWS WAF
December 2025
Free Report: AWS WAF Reviews and More
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,371 professionals have used our research since 2012.
Develope2e0c - PeerSpot reviewer
Develope2e0c
Developer at a tech services company with 1-10 employees
Mar 11, 2019
The customized billing is the most valuable feature.
Read full review
NetworkAf67c - PeerSpot reviewer
NetworkAf67c
Network Analyst
Mar 11, 2019
The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system.
Read full review
it_user1143783 - PeerSpot reviewer
it_user1143783
Advisory and IT Transformation Consultant at a tech services company with 10,001+ employees
Sep 5, 2019
The initial setup was very straightforward. Deployment took about ten minutes or less.
Read full review
ND
DigitalProd67
Head of Digital Product Office at a energy/utilities company with 10,001+ employees
Sep 8, 2019
The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match.
Read full review
it_user1220484 - PeerSpot reviewer
it_user1220484
Manager, IT Infrastructure & Information Security at flyadeal
Dec 9, 2019
The security firewall plus the features that protect against database injections or scripting,
Read full review
reviewer1275378 - PeerSpot reviewer
reviewer1275378
Principal Consultant at a tech services company with 10,001+ employees
Feb 5, 2020
The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements.
Read full review
it_user753234 - PeerSpot reviewer
it_user753234
IT Governance at PeerSpot
Mar 22, 2020
The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats.
Read full review
Show 10 more reviews (out of 61)
 

AWS WAF Cons review quotes

CL
Carlo Lainer
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Mar 11, 2019
In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.
Read full review
Founder4214 - PeerSpot reviewer
Founder4214
Founder at a consultancy with 1-10 employees
Mar 11, 2019
We need more support as we go global.
Read full review
Engineera5be - PeerSpot reviewer
Engineera5be
Engineer at a tech vendor with 501-1,000 employees
Mar 11, 2019
The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on.
Read full review
Buyer's Guide
AWS WAF
December 2025
Free Report: AWS WAF Reviews and More
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
879,371 professionals have used our research since 2012.
Develope2e0c - PeerSpot reviewer
Develope2e0c
Developer at a tech services company with 1-10 employees
Mar 11, 2019
In a future release of this solution, I would like to see additional management features to make things simpler.
Read full review
NetworkAf67c - PeerSpot reviewer
NetworkAf67c
Network Analyst
Mar 11, 2019
They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats.
Read full review
it_user1143783 - PeerSpot reviewer
it_user1143783
Advisory and IT Transformation Consultant at a tech services company with 10,001+ employees
Sep 5, 2019
They should work to define more threats, add more security, and make it more compliant with more security companies.
Read full review
ND
DigitalProd67
Head of Digital Product Office at a energy/utilities company with 10,001+ employees
Sep 8, 2019
The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.
Read full review
it_user1220484 - PeerSpot reviewer
it_user1220484
Manager, IT Infrastructure & Information Security at flyadeal
Dec 9, 2019
For now, there is no feature to protect against attack of the bad bots
Read full review
reviewer1275378 - PeerSpot reviewer
reviewer1275378
Principal Consultant at a tech services company with 10,001+ employees
Feb 5, 2020
I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps.
Read full review
it_user753234 - PeerSpot reviewer
it_user753234
IT Governance at PeerSpot
Mar 22, 2020
It's a bit difficult to apply the right rules for the right security.
Read full review
Show 10 more reviews (out of 61)

Product Categories

Product Categories
Web Application Firewall (WAF)

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs AWS WAF Logo
Prisma Cloud by Palo Alto Networks vs AWS WAF
Imperva Application Security Platform vs AWS WAF Logo
Imperva Application Security Platform vs AWS WAF
Fortinet FortiWeb vs AWS WAF Logo
Fortinet FortiWeb vs AWS WAF
Azure Front Door vs AWS WAF Logo
Azure Front Door vs AWS WAF
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
NetScaler vs AWS WAF Logo
NetScaler vs AWS WAF
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Akamai App and API Protector vs AWS WAF Logo
Akamai App and API Protector vs AWS WAF
Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
F5 Distributed Cloud Services vs AWS WAF Logo
F5 Distributed Cloud Services vs AWS WAF
Radware Alteon vs AWS WAF Logo
Radware Alteon vs AWS WAF
Fastly vs AWS WAF Logo
Fastly vs AWS WAF
NGINX App Protect vs AWS WAF Logo
NGINX App Protect vs AWS WAF
Check Point CloudGuard WAF vs AWS WAF Logo
Check Point CloudGuard WAF vs AWS WAF
See all alternatives

Product Categories

Product Categories
Web Application Firewall (WAF)

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs AWS WAF Logo
Prisma Cloud by Palo Alto Networks vs AWS WAF
Imperva Application Security Platform vs AWS WAF Logo
Imperva Application Security Platform vs AWS WAF
Fortinet FortiWeb vs AWS WAF Logo
Fortinet FortiWeb vs AWS WAF
Azure Front Door vs AWS WAF Logo
Azure Front Door vs AWS WAF
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
NetScaler vs AWS WAF Logo
NetScaler vs AWS WAF
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Akamai App and API Protector vs AWS WAF Logo
Akamai App and API Protector vs AWS WAF
Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
F5 Distributed Cloud Services vs AWS WAF Logo
F5 Distributed Cloud Services vs AWS WAF
Radware Alteon vs AWS WAF Logo
Radware Alteon vs AWS WAF
Fastly vs AWS WAF Logo
Fastly vs AWS WAF
NGINX App Protect vs AWS WAF Logo
NGINX App Protect vs AWS WAF
Check Point CloudGuard WAF vs AWS WAF Logo
Check Point CloudGuard WAF vs AWS WAF
See all alternatives
Related questions
  • 76
What are the limitations of AWS WAF vs alternative WAFs?
  • 49
Can you share your experience on migration from Akamai Kona Site to Amazon CloudFront and AWS WAF?
  • 24
How does AWS WAF compare to Microsoft Azure Application Gateway?
  • 66
Which lesser known firewall product has the best chance at unseating the market leaders?
  • 40
Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
  • 79
What do you recommend for a securing Web Application?
  • 36
Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
  • 23
Imperva WAF vs. Barracuda: Which One is Better?
  • 103
F5 vs. Imperva WAF?
  • 162
When should companies use SSL Inspection?