Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

AWS WAF - Rate-Based Rule and Eventbridge event notification?

0

Hi all,

I've tried looking for documentation but am not seeing anything specific. I would like to send a notification to various destinations (Teams channel and e-mail) whenever an AWS WAF Rate-Based Rule is breached. Is this possible?

Topics
Application IntegrationServerlessManagement & GovernanceNetworking & Content DeliverySecurity, Identity, & ComplianceAWS Well-Architected Framework
Tags
Amazon CloudWatchAWS WAFSecurityAmazon EventBridge
Language
English
asked 2 years ago820 views
1 Answer
1
Accepted Answer

You could enable CloudWatch Metrics for the rate-based rule or rules you are interested in. Then configure a CloudWatch alarm for the relevant metric, such as "BlockedRequests" or "CountedRequests" specific to the rule.

You can set the CloudWatch alarm to notify an SNS (Simple Notification Service) topic, which you can further set to send an email or trigger a Lambda function with custom logic. There are step-by-step instructions for delivering SNS notifications to a Teams channel in this article: https://repost.aws/knowledge-center/sns-lambda-webhooks-chime-slack-teams

EXPERT
answered 2 years ago
EXPERT
reviewed 2 years ago
  • Adrian Keith
    2 years ago

    Thanks @Leo K. I was under the impression that Eventbridge was the preferred method but I'll use CloudWatch.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content