Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off

One annual plan covers every course and certificate on Coursera. 40% off for a limited time.

Protect modern web applications from AI crawlers, LLM scrapers, and malicious bot traffic with a practical, AWS-native DevSecOps workflow. In this advanced course, you will build and secure a production-style web delivery stack using Terraform, AWS WAF, CloudFront, Lambda@Edge, EC2, ALB, and Amazon Athena. Starting from a simple Flask application, you will deploy a complete AWS environment as code, then implement multi-layered bot mitigation strategies such as cache separation for bots and humans, degraded content delivery, edge-based traffic routing, and advanced AWS WAF Bot Control. You will also work with JA4 TLS fingerprinting, managed rules, IP and GEO controls, and Athena-based log analysis to create a data-driven bot policy. By the end, you will be able to design and enforce a scalable AWS bot protection architecture that reduces origin load, improves resilience, and helps defend against AI-driven scraping and automated abuse in real-world environments.

Syllabus

The AI Bot Threat Landscape and Local Development Setup

This module explores the economic and technical forces behind the AI bot surge using real traffic data from a commercial marketplace. Learners will examine how training and on-demand bots differ in their impact, why traditional defenses are no longer sufficient, and what a high-level multi-layered infrastructure strategy looks like. The module then transitions to hands-on preparation, where learners set up the Flask demo application locally, install Terraform, configure AWS credentials, and push the Docker image to ECR, establishing the prerequisites for cloud deployment in subsequent modules.

Production Infrastructure Deployment on AWS

This module moves from local development to full cloud deployment using Terraform. Learners will build a VPC with public and private subnets, configure security groups, delegate a domain to Route 53, generate SSL certificates with ACM, deploy an Application Load Balancer, and launch EC2 instances in an Auto Scaling group running the Flask container. The module then layers on CloudFront and WAF with logging via Kinesis Firehose. It concludes with a practical analysis of why reactive auto-scaling fails against short, aggressive AI bot spikes, using real commercial data from a Petalbot and Ahrefsbot traffic event.

Intelligent Traffic Routing and CloudFront Optimization

This module transforms CloudFront into a bot-aware traffic router. Learners will understand the two-layer caching architecture of CloudFront, implement a degraded content strategy that serves lightweight static content to bots while preserving the full experience for humans, and deploy Lambda@Edge to dynamically route bot traffic to a secondary CloudFront distribution backed by S3. The module also addresses cache collision between bot and human responses using CloudFront Functions, solves the missing assets problem through immutable asset deployments and Origin Shield, and concludes with a summary of all key patterns for bot-resilient content delivery.

Advanced WAF Defenses, Bot Control, and Strategic Policy Enforcement

This module turns the CloudFront edge into an intelligent security gateway. Learners will deploy AWS WAF with IP black and white lists, GEO-based country blocking with whitelist exceptions, and set up Athena to query WAF logs for bot geography analysis. The module progresses through JA4 TLS fingerprinting for advanced rate limiting, granular URL-scoped rate rules, and the AWS IP Reputation List managed rule group. Learners will then enable AWS WAF Bot Control in COMMON mode, examine the labels and categories it emits, integrate the client-side SDK to unlock TARGETED mode, and interpret the Bot Control dashboards. The module culminates in building a Bot Identification Report using Athena and implementing a fully automated three-tier policy (allow, block, degrade) via Lambda@Edge and WAF enforcement rules.