This document discusses WAF architecture on AWS. It begins by explaining what a WAF is and why they are used, particularly to address common attacks like SQL injection and cross-site scripting. It then covers traditional WAF architectures and their problems before detailing the AWS recommended architecture of placing a WAF like AWS WAF in front of a load balancer or CloudFront distribution. It also compares traditional, cloud-hosted, and AWS WAF options in terms of meeting compliance standards, maintenance/automation, and pricing. The document concludes with a demo of AWS WAF rules and features.