What is our primary use case?
For AWS WAF, currently, we use this new application. This is another service provided by AWS for the sales business, and it's used for education. So, AWS WAF works in conjunction with AWS Cognito. We observe this when there's some kind of bot attempting to access our application or when you're trying to use a bot as a control mechanism to transcribe or manage a high volume of traffic through our endpoints.
AWS WAF manages both human traffic and bot-controlled traffic, and it can redirect you to a catch-up mechanism or sometimes simply for use. So, we've implemented different kinds of mechanisms within AWS WAF.
How has it helped my organization?
We use it in the production environment. From time to time, we can see the metrics for the generated traffic on both the WAF and the infrastructure
These metrics are presented on the dashboard. We review this information and conclude that regular monitoring, along with dashboard evaluations, reaffirms the effectiveness of the system. This allows us to ensure that the investment we're making is justified and worthwhile.
What is most valuable?
The most valuable feature is that it is very easy to configure. It just takes a couple of minutes.
What needs improvement?
There is room for improvement in pricing.
The pricing for each rule group is a bit too high. It's a monthly subscription, and it can get quite expensive for rules that I won't use for my application. For example, I might create a rule group that costs $10, and I only use one of the rules in the group. That's $10 for a rule that I'm not even using! So, the pricing could be more flexible, or there could be a way to get discounts for unused rules.
So, AWS WAF should have a pay-as-you-go pricing model, where I can only pay for the rules that I use.
Buyer's Guide
AWS WAF
April 2025
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
For how long have I used the solution?
I have been using this solution for three years.
What do I think about the stability of the solution?
It is a stable solution to some extent.
What do I think about the scalability of the solution?
For my use cases, it is a scalable solution. There are less than 2,000 end users using this solution in our organization.
How are customer service and support?
I reached out to support when I was setting it up initially, I had some questions. And we have some kind of first-line support with AWS. So I reached out to them whenever I had questions.
However, the support depends on the support we are paying for. The support we are paying for is cheap support. I'm on the standard support plan, so my SLA is four hours. There's a phone queue, so I can't always get through right away. But the support engineers are knowledgeable and can usually point me in the right direction.
How would you rate customer service and support?
How was the initial setup?
The initial setup is fairly easy. AWS does everything for us—just some clicks.
What about the implementation team?
There is no maintenance required. AWS also upgrades new offerings. AWS does all these things. Like, it does why it's very expensive. And they give us the metrics.
What other advice do I have?
Just evaluate these simple things you need. And don't try to put too many features at the beginning because you might not need them. Every application is designed differently.
Every business and customer is also very different, so if your application is more susceptible to some kind of engineering traffic then it's going to be very expensive.
Overall, I would rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.