AWS WAF is integrated with Application Load Balancers, API Gateways, and AWS CloudFront distributions, making it easy to deploy.
In few minutes by enabling AWS-managed rules you can gain protection against the most frequent and critical attacks (OWASP Top 10), as well as block disreputable IPs (such as Botnet IPs and attacker IPs). You can choose which managed rule packages to activate, depending on the load you want to protect, and select whether you only want to count, or block requests.
Additionally, you can use rules from our business partners such as F5, Fortinet, Cyber Security Cloud, among others to supplement AWS WAF rules by purchasing monthly subscriptions from AWS Marketplace. When they are used by AWS WAF, the ease of deployment and management is mantained (it being a service that scales elastically).
In later phases, depending on the particular requirements of the applications to protect, you will be able to evaluate additional options to secure your applications with multiple technologies from our partners, however, the Quick win to gain application protection quickly, is the use of AWS WAF.
AWS WAF is a QuickWin because it can be implemented in minutes, its pay-per-use model makes it a low cost service for most use cases, and it has low operating burden. But in a later Phase it is recommended to analyze whether your use case fits AWS WAF capabilities or if you require a third-party solution.
See WAF with Custom Rules for more information on 3rd party solutions.