AWS re:Invent 2019: Using Amazon CloudFront, AWS WAF, and Lambda@Edge to keep spammers out (CMY303)

In this session, we look at the timeline, analysis, and solution implemented for a sudden attack by spammers. Suddenly, the number of newly registered users in our system spiked. We could see that these new users were likely spammers. It was a more sophisticated attack than earlier, as traffic originated from everywhere; captchas and email verifications were bypassed. We already had some countermeasures in place, including a manual process for approval. We needed a quick and cost-effective solution. By using Amazon CloudFront, AWS WAF, Lambda@Edge, and some smarts, we permanently stopped 99% of the spammers within an hour.