How do you protect your Kubernetes workloads when malicious traffic, bots, and automated attacks can reach your platform before application-level controls have a chance to respond?
As our clients’ platform continued to scale, the Kubernetes ingress layer became an increasingly critical component of the overall security posture. While workloads were already fronted by an AWS Application Load Balancer (ALB), protection against automated abuse, malicious traffic, and high-volume request spikes remained limited.
To address this, a dedicated AWS WAFv2 security layer was introduced to inspect and control inbound traffic before requests reached application services. The implementation combined AWS Managed Rules, rate limiting, and ingress integration to create a proactive defence mechanism that could be validated through controlled testing rather than relying solely on reactive incident response.
The goal was to establish a consistent and measurable security framework at the edge of the platform that would:
By moving protection closer to the point of entry, the client aimed to strengthen platform security while maintaining a seamless experience for legitimate users.
The project focused on securing ingress traffic across production Kubernetes environments through the implementation of AWS WAFv2 and associated infrastructure improvements.
Key areas of work included:

A Regional AWS WAFv2 Web ACL was deployed and attached directly to the Application Load Balancer serving Kubernetes ingress traffic.
The solution leveraged AWS Managed Rule Groups to provide continuously updated protection against common web application threats, including:
To strengthen protection against automated abuse, rate-limiting controls were introduced with a threshold of 300 requests per five-minute period per IP address. Requests exceeding this limit were automatically blocked before reaching backend services.
All WAF rules were configured with CloudWatch metrics and sampled request logging to provide operational visibility and support future tuning.

The Web ACL was associated with Kubernetes ingress resources through ALB annotations, ensuring consistent enforcement across all targeted endpoints.
Additional ingress improvements included:
These changes ensured that security enhancements did not compromise application stability or user experience.
A structured testing strategy was implemented to verify that protections behaved as expected under realistic conditions.
Testing activities included:
Rate Limit Validation
This testing approach provided evidence-based validation that security controls were functioning correctly before wider adoption.

The implementation delivered a significantly stronger ingress security posture while improving operational visibility and confidence in platform resilience.
Key outcomes included:
The client now operates with a structured AWS WAFv2 security model integrated into Kubernetes ingress and AWS load balancing infrastructure. Future enhancements will focus on refining protection thresholds using production traffic insights, expanding coverage across additional environments, and further automating security validation processes.
Additional validation activities will include geographic traffic filtering tests to verify geo-based access controls and long-running request scenarios to further assess platform resilience and ingress behaviour under extended processing durations.
The result is a more secure, observable, and resilient ingress layer that aligns with AWS best practices while supporting the continued growth of the platform, alongside simplified management through centralised policy enforcement and Infrastructure as Code.
We help organisations build secure, scalable cloud platforms by combining cloud-native architecture, infrastructure automation, and security best practices.
Whether you're looking to strengthen Kubernetes security, implement AWS WAF protections, improve platform resilience, or modernise your cloud infrastructure, our team can help design and deliver solutions tailored to your business needs.
If you're looking to improve the security and reliability of your cloud environment, get in touch to discuss how Mesoform can help.