By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS WAF - Rate-Based Rule and Eventbridge event notification?

0

Hi all,

I've tried looking for documentation but am not seeing anything specific. I would like to send a notification to various destinations (Teams channel and e-mail) whenever an AWS WAF Rate-Based Rule is breached. Is this possible?

Topics
Security, Identity, & ComplianceServerlessApplication IntegrationManagement & GovernanceNetworking & Content DeliveryAWS Well-Architected Framework
Tags
AWS WAFAmazon EventBridgeAmazon CloudWatchSecurity
Language
English
Adrian-Keith
asked a year ago713 views
1 Answer
1
Accepted Answer

You could enable CloudWatch Metrics for the rate-based rule or rules you are interested in. Then configure a CloudWatch alarm for the relevant metric, such as "BlockedRequests" or "CountedRequests" specific to the rule.

You can set the CloudWatch alarm to notify an SNS (Simple Notification Service) topic, which you can further set to send an email or trigger a Lambda function with custom logic. There are step-by-step instructions for delivering SNS notifications to a Teams channel in this article: https://repost.aws/knowledge-center/sns-lambda-webhooks-chime-slack-teams

EXPERT
Leo K
answered a year ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed a year ago
  • Adrian-Keith
    a year ago

    Thanks @Leo K. I was under the impression that Eventbridge was the preferred method but I'll use CloudWatch.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content