AWS WAF(AWS Web Application Firewall) is a web application firewall service. It helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Using a WAF is a great way to add defense in depth to your web application. A WAF can help mitigate the risk of vulnerabilities such as SQL Injection, Cross Site Scripting and other common attacks (which listed in Top 10 OWASP). WAF allows you to create your own custom rules to decide whether to block or allow HTTP requests before they reach your application.