Overview
How CloudFront caching works and how to build intelligent, bot-aware delivery flows, How to implement degraded-content / traffic-splitting strategies using CloudFront, Lambda@Edge, and S3, How to separate cache for bots vs humans using CloudFront Functions, How to eliminate “missing assets” issues using immutable asset deployments, How to deploy and tune CloudFront Origin Shield, How to analyze CloudFront logs using Athena for bot and traffic insights, How to configure AWS WAF to be defensive against bots DoS (IP sets, GEO rules, rate rules, managed rules), How to use JA4 fingerprinting for advanced rate-limit funnels, How AWS WAF Bot Control really works (COMMON vs TARGETED modes), How to integrate the WAF client-side SDK to unlock advanced detections, How to read and interpret Bot Control dashboards and labels, How to build a real Bot Identification Report in Athena, How to design, validate, and deploy a complete bot strategy (allow, block, degrade)
Software Engineers, DevOps & SRE, Cloud Architects, Security Engineers, CTOs, Tech Leads, Startups, Anyone curious about real-world bot defenses and traffic control
IT IS NOT THE COURSE FOR BEGINNERS, An active AWS account, A domain name to use with CloudFront, Good Terraform knowledge, Good AWS knowledge, Understanding of HTTP, web apps, or APIs
What you'll learn
How CloudFront caching works and how to build intelligent, bot-aware delivery flows
How to implement degraded-content / traffic-splitting strategies using CloudFront, Lambda@Edge, and S3
How to separate cache for bots vs humans using CloudFront Functions
How to eliminate “missing assets” issues using immutable asset deployments
How to deploy and tune CloudFront Origin Shield
How to analyze CloudFront logs using Athena for bot and traffic insights
How to configure AWS WAF to be defensive against bots DoS (IP sets, GEO rules, rate rules, managed rules)
How to use JA4 fingerprinting for advanced rate-limit funnels
How AWS WAF Bot Control really works (COMMON vs TARGETED modes)
How to integrate the WAF client-side SDK to unlock advanced detections
How to read and interpret Bot Control dashboards and labels
How to build a real Bot Identification Report in Athena
How to design, validate, and deploy a complete bot strategy (allow, block, degrade)
Requirements
An active AWS account
A domain name to use with CloudFront
Understanding of HTTP, web apps, or APIs
Good Terraform knowledge
IT IS NOT THE COURSE FOR BEGINNERS
Short description
This course teaches you how to survive — and win — in the new era of AI bots, crawlers, scrapers, and automated traffic.
Today bots consume an enormous portion of API, web, and CDN traffic.
They cost money, distort analytics, break cache logic, and overload your application.
And traditional protections are no longer enough.
This course gives you a complete, practical, battle-tested system to handle AI bots with intelligence, not brute force.
Section 1 — Understanding the New Threat Landscape
We begin from the strategic level:
Why AI bots became a real business threat, what their objectives are, how bot traffic harms your infrastructure, and how to think about long-term defense.
You will also get a high-level architecture overview — the big picture of CloudFront, WAF, degraded content, and routing logic.
Section 2 — Flask Test Application & Terraform Preparations
Before we defend anything, we need something to protect.
You will create a tiny Flask API app, run it locally, understand its behavior, then prepare Terraform, AWS profiles, and ECR to deploy it later in the cloud.
Section 3 — Full Application Deployment Using Terraform
This is the heart of the infrastructure setup.
You will:
Build networking components
Delegate a domain
Configure ACM
Build ALB
Deploy EC2 using AutoScaling
Attach EC2 to ALB
Configure CloudFront
Integrate WAF
Explore the AWS Console and learn to debug application behavior
This creates the full “lab environment” used for all bot routing experiments in the later sections.
Section 4 — Autoscaling & Real AI Bot Cost Surprises
We explore what happens when bots hit your infrastructure at scale.
You will see real examples of traffic spikes, CPU burns, cost explosions — and learn why AI bots require a different approach than traditional crawlers.
We also discuss AWS Fargate and show a real commercial example of bot impact.
Section 5 — Intelligent Traffic Routing with CloudFront
This is where the course becomes truly unique.
You will learn:
How CloudFront actually works at request level
How to build a degraded content strategy — lightweight static content for bots
How to route bots with Lambda@Edge
How to tag bots using CloudFront Functions
How caching issues arise in real deployments and how to fix them
How to handle static assets, versioning, origin shield, and inline assets
How to make CloudFront fully bot-aware and resilient
By the end, your CloudFront distribution becomes a smart, bot-sensitive traffic router.
Section 6 — AWS WAF: Protecting Against AI Crawlers & Automated Bots
We go deep into WAF from both defensive and analytical perspectives:
WAF basics and how it actually inspects traffic
Custom black & white lists in the context of AI bots
Geo-based filtering
Athena quick start using WAF logs
JA4 fingerprinting & statistical detection
URL-scoped granular rate rules
Reputation-based managed rules
Intelligent Bot Mitigation theory
Turning on Bot Control (COMMON + TARGETED)
Integrating Bot Control SDK
Reading Bot Control metrics and dashboards
Understanding bot categories and deducing which real bots sit behind them
This section connects CloudFront & WAF into a unified defensive system.
Section 7 — Strategic Bot Policy & AI/Bot Traffic Analysis Using Athena
This is the analytical and strategic peak of the course.
You will learn how to extract real bot traffic from your logs, build a complete Bot Identification Report, and use it to craft a concrete bot defense strategy.
Generating the Bot Identification Report using Athena + real production data samples
Strategic bot policy implementation — part 1 (Terraform logic, CloudFront routing, WAF integration)
Strategic bot policy implementation — part 2 (finalizing routing, degraded content, block rules)
Final course summary + key takeaways + next steps
We finish with a clear framework that you can apply in any real-world environment — cloud or on-premise.
Who this course is for
Anyone responsible for web applications, API performance, cloud security, or cost optimization:
Software Engineers
DevOps & SRE
Cloud Architects
Security Engineers
CTOs, Tech Leads, Startups
Anyone curious about real-world bot defenses and traffic control
If you want a practical, battle-tested, deep-technical, and fully reproducible defense methodology against AI bots — this course is for you.
Sergii Demianchuk
My name is Sergii Demianchuk. I have almost 20 year’s experience as a software engineer. At my work I am mostly using next technologies: PHP, Python, Java, Javascript, Symfony, Flask, Spring, Vue, Docker, AWS Cloud, ML, Ansible, Jenkins, MySQL, Redis, ElasticSeach. I started my IT carrier as Engineer at national telecommunication Ukrainian networks. Than I worked as web full stack developer and IT manager for 10 years. After relocation to Poland at 2012, I continued my carrier path at Clicktrans company which represents one of the biggest transport marketplaces in Europe. Currently I am taking the position of CTO&System Architect at Clicktrans. My work is concentrated around architecture for complex systems, using ML for solving transport problems, big data sets analysis, search & recommendations systems. I am also deeply involved at devops and security world. My favorite slogan: "There is nothing impossible. The main question is how to do complicated system in the most efficient way having right people on a board with keeping it safe and simple at support :)"