Which AWS service is used to protect web applications from common threats?

AWS WAF, or AWS Web Application Firewall, is specifically designed to protect web applications from common threats and vulnerabilities, such as SQL injection and cross-site scripting (XSS). By allowing you to create custom rules that filter out malicious web traffic, AWS WAF offers a way to safeguard your applications from various attacks that target web applications.

This service operates by inspecting incoming web requests based on defined rules, blocking or allowing access as needed. It can be integrated seamlessly with Amazon CloudFront, the content delivery network (CDN) service, and is beneficial for maintaining the security and integrity of web applications.

While AWS Shield also provides a layer of protection against distributed denial-of-service (DDoS) attacks, it is primarily focused on mitigating the effects of such attacks rather than safeguarding against application-layer threats. AWS Inspector is a security assessment service that helps in identifying vulnerabilities and deviations from best practices in applications, rather than acting as a protective barrier against specific attacks. AWS Config is a service that enables you to monitor and manage the configurations of your AWS resources, ensuring compliance and governance but does not specifically target web application threats.

Hence, AWS WAF is the appropriate choice for protecting web applications from a range of common threats effectively.