Sold by: NGINX, Inc.
Deployed on AWS
Free Trial
Deliver apps with performance, reliability, security, and scale. NGINX Plus and NGINX App Protect on AWS deploy quickly and cost-effectively, and you'll benefit from speeds <30ms. Get the all in one (yet surprisingly lightweight) load balancer, reverse proxy, and API gateway with WAF.
4.3
Overview
This offering includes a free, full featured 30-day trial. Simplify your stack and deliver high-performance apps reliably, securely and at scale with NGINX Plus and NGINX App Protect: the all in one (yet surprisingly lightweight) load balancer, reverse proxy, and API gateway with WAF. Try it for free today!
Looking for consistent, high-performance app delivery and web services? NGINX plus operates stand-alone or can integrate with AWS services - such as existing load balancing solutions, Auto Scaling groups, and AWS Lambda - to reduce your application delivery and management costs. NGINX Plus provides enterprise-grade features such as session persistence, configuration via API, and active health checks so that you can add advanced application load balancing, monitoring and management to your AWS application stack.
Want to use the same WAF across all your environments - from on-prem to cloud to Kubernetes? NGINX App Protect, our modern app-security solution built on F5's market-leading security expertise, can do just that. Our security-as-code design philosophy makes it easy to integrate security into your agile and DevOps workflows. It easily integrates with NGINX Plus and NGINX Ingress Controller to protect your apps from a range of threats including OWASP Top 10 and beyond.
Highlights
- NGINX Integration: Enables strong security controls integrated seamlessly with NGINX Plus and NGINX Ingress Controller.
- Application Delivery: A reliable, lightweight and high-performance load balancer and reverse proxy that can be managed at scale.
- API gateway: Route requests, authenticate API calls, apply rate limits and deliver APIs in real-time.
Details
Sold by
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Rhel 8
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c5.large Recommended | $1.58 |
u-24tb1.metal | $1.58 |
d3.xlarge | $1.58 |
c5ad.large | $1.58 |
m5a.4xlarge | $1.58 |
c5a.xlarge | $1.58 |
c5ad.8xlarge | $1.58 |
d3en.6xlarge | $1.58 |
u-12tb1.metal | $1.58 |
d2.xlarge | $1.58 |
Vendor refund policy
We do not offer refunds for hourly usage fees after free trial has expired
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Release notes can be found at https://docs.nginx.com/nginx/releases/
Additional details
Usage instructions
When a new AMI is deployed for the first time, the latest version of NGINX Plus will be installed, auto-configured and started. NGINX Plus status can then be checked by running: service nginx status, and the NGINX Plus default index page will be accessible on public EC2 instance address. Please use SSH to access your instance for management purposes with the following usernames, for Ubuntu: "ubuntu", CentOS: "centos", Amazon Linux/RHEL: "ec2-user", Debian: "admin". NGINX Plus configuration can be found in /etc/nginx and the documentation is available at https://docs.nginx.com/nginx/ .
Resources
Vendor resources
Support
Vendor support
The Premium edition includes access to 24x7 email and phone support for unlimited number of incidents. SLA within 30 minutes for urgent Severity 1 requests, 24 hours response for low Severity requests. Documentation questions answered within 24 hours. Receive hot bug fixes and email notifications of all NGINX software updates. To engage our support team, please activate your account at: https://support.f5.com/csp/article/K23782072 To engage the F5 support team, please first activate your account
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By NGINX, Inc.
By Varnish Software AB
By F5, Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Load Balancing and Reverse Proxy
Lightweight load balancer and reverse proxy with session persistence, active health checks, and configuration via API for enterprise-grade application delivery
API Gateway Functionality
API gateway capable of routing requests, authenticating API calls, applying rate limits, and delivering APIs in real-time
Web Application Firewall
Integrated WAF built on F5's security expertise protecting against OWASP Top 10 and additional threats with security-as-code design philosophy
Multi-Environment Deployment
Unified security and application delivery solution deployable across on-premises, cloud, and Kubernetes environments
AWS Service Integration
Integration capabilities with AWS services including existing load balancing solutions, Auto Scaling groups, and AWS Lambda
Reverse Proxy and HTTP Acceleration
Reverse proxy and HTTP accelerator that speeds up websites and reduces streaming latency for content delivery
Content Caching Technology
Caching technology that reduces backend server load by up to 99% while delivering all types of content faster
Integrated Load Balancing and API Gateway
Integrated functionality combining content cache, reverse proxy, load balancer, API gateway, web server, and SSL terminator
Origin Shield Protection
Origin shield mechanism that helps web services thrive under pressure and protects against traffic spikes
Multi-Protocol Content Delivery
Support for delivering websites, APIs, and video content with performance acceleration capabilities
AI-Powered Data Management
F5 AI Data Fabric enables generation of insights, management, and governance for data from different applications and products across multiple data lakes and data sources.
Multi-Cloud Network Connectivity
Global hub-and-spoke transit orchestration for connecting all cloud properties including public, private, network and edge clouds.
Integrated Security Stack
Unified software stack combining router, load balancer, network firewall, web application firewall (WAF), API security and API gateway capabilities.
Layer 3-7 DDoS Protection
L3-L7 DDoS defense capabilities for protecting applications and APIs deployed across distributed environments.
Unified Management Portal
Single SaaS-based console for SecOps, NetOps, and DevOps to manage and deploy virtual networks, connections, distributed applications, and API security.
Standard contract
No
No
No
Customer reviews
Mohamed Shaaban
Security automation has simplified web protection and supports reliable threat prevention
Reviewed on Mar 25, 2026
Review from a verified AWS customer
What is our primary use case?
I have been dealing with NGINX App Protect and the WAF policy. I usually recommend NGINX App Protect for banking and telecom, and for anyone that has their own database or servers that they host websites from. Usually, this is the presales part, and they do this work. I go to show them the presentation of what we can offer or show them the POC that we are already hosting on our servers.
What is most valuable?
I really love NGINX App Protect. It has been two months, and I love the functionality. I love the ease of implementation and the NIM, the Instance Manager. It is very easy to use and very user-friendly.
Its integration with DevOps is pretty good. Currently, I am using it as an NGINX Ingress controller, using the Plus certificate, and it is working perfectly. It is making it a lot easier than the regular one.
I assess the impact of real-time threat detection on the cybersecurity measures by testing it on the local environment and showing it to the customer. They appreciate it, and I appreciate it, so I think it is pretty good. Some threats like injection and running scripts, SQL injections, these all get stopped and rejected by the server, so I think it is doing its job.
What needs improvement?
I did not face any issues with NGINX App Protect. The only issue that we had is that someone was trying to install the POC for the customer, and he by mistake installed the Instance Manager on the same machine with NGINX Plus and the NGINX Agent, so this caused a conflict with the packages. We had to reinstall everything. I think this would not happen if it was on Kubernetes or something, but this was the issue, and we did not know that this was the issue.
For now, I think NGINX App Protect is good, but maybe I would like to see the logging feature added. If they can provide a real logging system, we would not have to integrate with Prometheus or any other logging tool. I think this would be a lot better, maybe a plugin that we can install. Maybe a logging portal that we can use from NGINX itself would be beneficial.
For how long have I used the solution?
I have been dealing with NGINX App Protect for nothing more than two months.
Which solution did I use previously and why did I switch?
Before working with WAF , I did not work with anything related to NGINX at all. I was just working with regular NGINX. If we have a front-end server, we implement the normal community edition just to redirect and reverse proxy, nothing related to any security.
reviewer2801424
Layered security has protected our cloud-native apps from DDoS attacks and improved compliance
Reviewed on Feb 06, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for NGINX App Protect is primarily in our infrastructure layer with Kubernetes , as I am using it to protect my application from attacks like DDoS and provide additional firewall protection to my application.
A specific example of how NGINX App Protect helped defend my application was during an attempted DDoS attack, when it flagged those requests and protected one of my applications.
What is most valuable?
The best features NGINX App Protect offers include a firewall, seven layers of DDoS protection, additional API securities, and threat intelligence services.
Of the features I mentioned, I find myself relying the most on Layer 7 DDoS protection because it protected one of my applications during a DDoS attack, and that has been quite helpful.
NGINX App Protect has positively impacted my organization by adding an additional layer of security on top of my infrastructure layer, which I consider quite helpful.
What needs improvement?
I think NGINX App Protect could be improved by having it come out of the box with NGINX .
For how long have I used the solution?
I have been using NGINX App Protect for deployments in servers for more than two to three years.
What do I think about the stability of the solution?
NGINX App Protect is stable in my experience.
What do I think about the scalability of the solution?
The scalability of NGINX App Protect is good and open source at its best, and I would rate it an 8 or 9 out of 10.
How are customer service and support?
The customer support for NGINX App Protect is good.
I would rate the customer support a 9 on a scale of 1 to 10.
Which solution did I use previously and why did I switch?
I cannot answer regarding whether I previously used a different solution before NGINX App Protect.
What was our ROI?
I cannot give a quantifiable metric at the moment regarding return on investment from using NGINX App Protect, but it did help with our compliance.
What's my experience with pricing, setup cost, and licensing?
I will not be able to answer about my experience with pricing, setup cost, and licensing for NGINX App Protect, as something different handles that in my team.
Which other solutions did I evaluate?
I could not recall the name of the other options, but I did an evaluation between others before choosing NGINX App Protect.
What other advice do I have?
I would rate this product an 8 overall.
Valerio Guaglianone
Long-term web protection has supported reliable traffic management but needs a simpler interface
Reviewed on Feb 06, 2026
Review from a verified AWS customer
What is our primary use case?
I'm following on a project in an initial phase and was looking for products for networking and security. I used NGINX App Protect, as a proxy, for the website. I have also implemented a simple web application firewall using NGINX and naxsi years ago. I have never used other solutions with NGINX App Protect apart from the proxy and the web application firewall features.
From my hands-on experience, NGINX App Protect is mainly useful when you want solid app and API security without changing how you already use NGINX . I’ve used it to protect web applications and APIs from the usual OWASP Top 10 issues, and what stands out is that it runs close to the app, so performance stays predictable and there’s no extra hop in the traffic flow. It works really well in Kubernetes and microservices environments, where you can apply security at the ingress or even per service and manage policies as code in the same CI/CD pipelines used by the dev teams. I’ve also seen it being effective against Layer-7 DDoS and abusive traffic, especially for APIs, because it learns normal behavior and reduces false positives.
How has it helped my organization?
Overall, it feels less like a traditional external WAF and more like a native extension of NGINX that fits naturally into day-to-day operations
What is most valuable?
NGINX App Protect is a good product. I have used both versions from F5 -also the free version- (I mean the NGINX/NGINX One/App Protect free trial period), and I think it is a good product. It's stable, affordable, and easy to manage. NGINX App Protect is a comprehensive security solution that combines advanced WAF , DoS protection, API security, and DevSecOps automation in a lightweight, scalable package ideal for modern cloud-native architectures.
The adaptive machine learning capabilities are truly commendable, as the solution can establish traffic baselines and detect anomalies in real time. It automatically adjusts security policies, minimizing the need for manual intervention and reducing false positives. Additionally, it supports scalable deployment across diverse environments, including on-premises, cloud, Kubernetes , and containers, offering both flexibility and scalability
I have experience with the web server, F5 load balancer, and similar products provided by Ergon, for eg. the web application firewall and the Microgateway for K8S. I'm also familiar with F5 BIG-IP products.
What needs improvement?
The GUI and web GUI configuration could be improved to be easier to manage and use.
For how long have I used the solution?
I have been using this for more or less 20 years.
What do I think about the stability of the solution?
NGINX App Protect is a good product and performs very well even when it is under stress.
How was the initial setup?
It was not so hard. NGINX App Protect is pretty easy to manage and configure overall.
What about the implementation team?
Only a consultant was involved. I'm working for Adesso Schweiz, a German company that has a business unit in Ticino, Switzerland.
What's my experience with pricing, setup cost, and licensing?
It's not among the cheapest solutions but the expense is justified given the robustness it offers. My priority isn't cost optimization, but the preservation of future capabilities.
Which other solutions did I evaluate?
I've never used any other solutions and I'm not aware of any alternatives that are as intensive as this one.
What other advice do I have?
I have created a web application firewall. I created it a couple of years ago. The timeframe for implementation would be difficult to provide because it depends on the project, many variables, and the validation process. Overall, I think NGINX App Protect is good. My review rating for this product is 7 out of 10.
reviewer2676000
Empowers seamless DevOps integration and future-ready configurations
Reviewed on Mar 18, 2025
Review provided by PeerSpot
What is our primary use case?
We are moving into a private cloud for our company, and we need to find a solution to supplement the ASM policy, which is not very flexible in the new environment.
What is most valuable?
I would say that the most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves. It is about keeping some capabilities for the future.
What needs improvement?
It would be better if it were easier to implement and if there was more information from F5 regarding hardware requirements and specifications to deploy the service, to avoid disruptions after implementation.
For how long have I used the solution?
I have two or three years of experience working with this solution.
What do I think about the stability of the solution?
It is a quality solution, and I would rate its stability as eight out of ten.
What do I think about the scalability of the solution?
I would rate the scalability of this tool as nine out of ten.
How are customer service and support?
I would rate technical support as nine out of ten.
Which solution did I use previously and why did I switch?
Before NGINX App Protect , I used F5 ASM . The switch was due to company restrictions.
How was the initial setup?
The deployment took us a few months.
What about the implementation team?
The deployment was done in-house.
What was our ROI?
I am not focused on cost savings, but rather on maintaining future capabilities. I have no visibility yet on the price.
What other advice do I have?
Based on my experience, I would recommend others to use NGINX App Protect . I would rate this solution overall as eight out of ten.
Jean-Marc Porchet
Blocking IPs and detecting bots enhances security for medical websites
Reviewed on Mar 12, 2025
Review provided by PeerSpot
What is our primary use case?
I was researching products like NGINX App Protect and F5 Advanced WAF for long-term options. I have some use for such a solution, but probably not before next year.
What is most valuable?
Detecting bots and blocking IPs have proven effective for securing applications. We were able to block groups of IP addresses that were consistently attempting attacks, preventing them from accessing the website. These features have been deployed for a medical instrument company to protect their website.
How are customer service and support?
In general, the support for BIG-IP was good from my past experience as they were quick and efficient when we had issues.
What's my experience with pricing, setup cost, and licensing?
I don't know the pricing yet because in my other project, I was not part of the buying side and I was just starting to look at options.
Which other solutions did I evaluate?
For clients with a smaller budget or fewer applications, Cloudflare SaaS solution might be a better fit as the pricing is much lower compared to NGINX .
What other advice do I have?
Overall, I rate NGINX App Protect between eight and nine. It is a very good solution. AI might be interesting if it can make the product react faster to new attacks and trends. The overall product rating is 8.5 out of 10.