AWS WAF looks simple until it becomes important. At first it is a few managed rule groups, an IP allowlist, maybe a rate limit on /login . Then a real application grows around it.

Source: [Dev.to](https://dev.to/aws-builders/best-practices-for-managing-aws-waf-with-code-3efl)

Sponsored