Network packet inspection, also referred to as Deep Packet Inspection (DPI), inspects packet headers and data contents of packets to detect non-compliant data, viruses, spam, and so on, and can take actions such as blocking, logging, and so on. It combines the functionalities of a traditional firewall with an Intrusion Detection System (IDS) or an Intrusion Prevention System (IPS).

AWS WAF, the firewall service in AWS, can check for known exploits such as SQL injection, cross-site scripting, and so on. However, AWS cannot do a complete network packet inspection and lacks the functionality of an IDS and IPS. We can, however, use solutions from AWS Marketplace. There are solutions provided by vendors including Alert Logic, Trend Micro, McAfee, Palo Alto Networks, and Cisco Systems, among others.