Create a more secure LAMP stack with AWS WAF (web application firewall)
LAMP stacks-with their classic layered architecture using a Linux foundation followed by Apache, MySQL, and PHP-provide time-tested software for delivering high-performance web applications. Like any open-source projects, LAMP stacks may be vulnerable to common web exploits and bots. This means that LAMP stacks may be subject to compromised security, limited availability, or excessive consumption of resources.
Deploying a web application firewall can help you secure LAMP stacks against web-application vulnerabilities and distributed denial of service (DDoS) attacks.
You can build a LAMP-stack application from scratch or by following this Amazon Web Services (AWS) tutorial: Install a LAMP web server on the Amazon Linux AMI. The tutorial, however, does not delve into ways you can secure a LAMP-stack application against web-application vulnerabilities and distributed denial of service (DDoS) attacks.
In this post, we walk through automation steps to deploy a highly available LAMP-stack application using an Application Load Balancer, Amazon Route 53, and-to help secure your application-an AWS WAF web application firewall and a Transport Layer Security (TLS) certificate using AWS Certificate Manager (ACM). We show how to launch a classic three-tier stack consisting of a presentation tier, application tier, and data tier. This architecture can host a variety of popular web applications-such as WordPress, Wikipedia, and Drupal-in minutes.
Overview
In this walkthrough, you deploy the following high-level architecture:
For further reading, check my blog @
