You can configure a CloudWatch event to send an email to a specified email address when CloudWatch Logs receives a blocked-request log from AWS WAF.
Please refer to the link below to create a CloudWatch alarm. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
You can monitor web requests and web ACLs and rules using Amazon CloudWatch, which collects and processes raw data from AWS WAF and AWS Shield Advanced into readable, near real-time metrics. You can use statistics in Amazon CloudWatch to gain a perspective on how your web application or service is performing. You can create an Amazon CloudWatch alarm that sends an Amazon SNS message when the alarm changes state. An alarm watches a single metric over a time period that you specify, and performs one or more actions based on the value of the metric relative to a specified threshold over a number of time periods. The action is a notification sent to an Amazon SNS topic.
Reference
I suggest you check the documentation on WAF Incident Response, which helps you understand the different options that you have, and take the following into consideration:
- Sending a notification for every blocked request would create way too many notifications, which can exceed limits and generate costs without adding value; look into CloudWatch anomaly detection instead.
- Think about monitoring metrics, and create a table to enable Athena for querying WAF logs.
Although the question is asking for email alerts, it may be best to deploy a dashboard for AWS WAF as proposed in this link.
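The answers above describe two things: a CloudWatch alarm on the WAF blocked-request metric that publishes to an SNS topic (first two answers), and the advice that alerting on every individual blocked request is far too noisy (third answer). The following is an added example, not code from any of the answers or from AWS: it builds the parameter set for a CloudWatch `PutMetricAlarm` call on the `AWS/WAFV2` `BlockedRequests` metric, then simulates the alarm's M-out-of-N evaluation over a constructed series of per-period counts so you can see how many notifications a thresholded alarm sends compared with a per-request alert. The web ACL name, region, SNS topic ARN and the traffic series are all placeholders/constructed values; the dimension set shown is the one used for a regional web ACL.

```python
"""Added example: model a CloudWatch alarm on the AWS WAF BlockedRequests
metric and simulate when it would notify an SNS topic."""

# Placeholder identifiers (assumptions, not values from the thread).
WEB_ACL_NAME = "example-web-acl"
AWS_REGION = "us-east-1"
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:waf-alerts"


def blocked_requests_alarm(web_acl, topic_arn, region=AWS_REGION, threshold=100,
                           period=300, evaluation_periods=3, datapoints_to_alarm=2):
    """Return the parameters for CloudWatch PutMetricAlarm: sum BlockedRequests
    per `period` seconds, and go to ALARM when at least `datapoints_to_alarm`
    of the last `evaluation_periods` sums exceed `threshold`.
    Pass the dict as **kwargs to boto3's cloudwatch.put_metric_alarm()."""
    return {
        "AlarmName": f"waf-{web_acl}-blocked-requests",
        "Namespace": "AWS/WAFV2",
        "MetricName": "BlockedRequests",
        "Dimensions": [
            {"Name": "WebACL", "Value": web_acl},
            {"Name": "Region", "Value": region},
            {"Name": "Rule", "Value": "ALL"},  # all rules in the web ACL
        ],
        "Statistic": "Sum",
        "Period": period,
        "EvaluationPeriods": evaluation_periods,
        "DatapointsToAlarm": datapoints_to_alarm,
        "Threshold": threshold,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",  # no traffic is not an incident
        "AlarmActions": [topic_arn],  # SNS topic with an email subscription
    }


def simulate_alarm(alarm, period_sums):
    """Replay per-period BlockedRequests sums through the alarm's M-of-N rule.
    Returns (state transitions as (period_index, state), notifications sent).
    One SNS publish is counted per OK -> ALARM transition."""
    n = alarm["EvaluationPeriods"]
    m = alarm["DatapointsToAlarm"]
    thr = alarm["Threshold"]
    state = "OK"
    transitions = []
    notifications = 0
    for i, _ in enumerate(period_sums):
        window = period_sums[max(0, i - n + 1): i + 1]  # last n datapoints
        breaching = sum(1 for v in window if v > thr)
        new_state = "ALARM" if breaching >= m else "OK"
        if new_state != state:
            transitions.append((i, new_state))
            if new_state == "ALARM":
                notifications += 1
            state = new_state
    return transitions, notifications


def per_request_notifications(period_sums):
    """Notifications you would receive if every blocked request emailed you."""
    return sum(period_sums)


# Constructed traffic: blocked-request counts per 5-minute period, with a
# short burst in the middle (this is sample data, not real WAF metrics).
SAMPLE_PERIOD_SUMS = [0, 5, 150, 400, 80, 900, 1200, 10, 0, 0]

if __name__ == "__main__":
    alarm = blocked_requests_alarm(WEB_ACL_NAME, SNS_TOPIC_ARN)
    transitions, sent = simulate_alarm(alarm, SAMPLE_PERIOD_SUMS)
    print("alarm transitions:", transitions)
    print("thresholded alarm notifications:", sent)
    print("per-request notifications:", per_request_notifications(SAMPLE_PERIOD_SUMS))
```

With the sample series the thresholded alarm raises a single notification for the whole burst and then returns to OK, whereas a per-request alert would have produced thousands of emails for the same window; that gap is the reason the third answer steers toward thresholds or anomaly detection rather than per-event alerting.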