In a layered web application architecture, where should the AWS WAF be deployed to maximize security and minimize latency for users globally?