Can a CloudWatch alarm trigger WAF for an ALB?

0

Is it possible to automatically trigger WAF on an ALB if a certain condition is met on a CloudWatch alarm? And also turn it off again if the condition is no longer met (based on the alarm's state change)?

When I'm editing an alarm in CloudWatch, the only actions offered are Lambda/Auto Scaling/EC2 Action/Systems Manager, but nothing for such a use case. Would I have to create a Lambda function?

Thank you.

3 answers
1
Accepted answer

There is no direct integration between CloudWatch alarms and WAF, so you need a Lambda function as an intermediary. Set up a CloudWatch alarm for your specific condition, then create a Lambda function capable of modifying WAF rules or web ACL associations. Use EventBridge to trigger this Lambda function when the alarm state changes. The Lambda function will check the alarm state and, based on that, associate or disassociate the web ACL to or from the ALB accordingly.

AWS, answered 3 months ago
Expert, reviewed 3 months ago
1

Hello, please take a look at this blog post (plus the associated sample code); it might take some of the heavy lifting out of what you're trying to do: https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-dynamically-adapt-your-response-to-changing-threat-levels-using-aws-waf/

AWS, Expert, answered 2 months ago
1

Hi, please note that in the answer above the statement "Use EventBridge to trigger this Lambda function when the alarm state changes" is not mandatory: you can invoke a Lambda function directly from the alarm, without needing to go through EventBridge. How you invoke the Lambda function is your choice: a direct integration between the alarm and the Lambda simplifies the architecture, at the tradeoff of having to manage alarm permissions more granularly.

AWS, answered 2 months ago
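The Lambda intermediary described in the accepted answer, written so it also accepts the direct alarm-action payload the last answer mentions. This is an added example, not code from any of the answers or from AWS. It assumes two hypothetical environment variables (WEB_ACL_ARN and ALB_ARN), hypothetical ARNs, and that the EventBridge event carries the alarm under "detail" while a direct alarm action delivers it under "alarmData". The in-memory client and the two sample events are constructed here so the module runs offline; in Lambda the real boto3 wafv2 client is used.

```python
"""Attach or detach a WAFv2 web ACL on an ALB as a CloudWatch alarm changes state.

Added example (not the answers' own code). Assumptions: env vars WEB_ACL_ARN and
ALB_ARN are hypothetical; EventBridge puts the alarm under event["detail"], a
direct alarm action under event["alarmData"].
"""
import os

# INSUFFICIENT_DATA is deliberately in neither set: a metric outage must not
# silently remove protection, and must not re-add it on guesswork either.
ASSOCIATE_STATES = {"ALARM"}
DISASSOCIATE_STATES = {"OK"}


def alarm_state(event):
    """Return (alarm_name, new_state) from either event shape."""
    body = event.get("detail") or event.get("alarmData")
    if not body or "state" not in body:
        raise ValueError("not a CloudWatch alarm state-change event")
    return body["alarmName"], body["state"]["value"]


def current_web_acl(wafv2, resource_arn):
    """ARN of the web ACL currently on the resource, or None if unassociated."""
    resp = wafv2.get_web_acl_for_resource(ResourceArn=resource_arn)
    acl = resp.get("WebACL")
    return acl["ARN"] if acl else None


def reconcile(wafv2, state, web_acl_arn, alb_arn):
    """Make the association match the alarm state. Idempotent: repeated
    deliveries of the same state are no-ops. Returns the action taken."""
    attached = current_web_acl(wafv2, alb_arn)
    if state in ASSOCIATE_STATES:
        if attached == web_acl_arn:
            return "noop"
        wafv2.associate_web_acl(WebACLArn=web_acl_arn, ResourceArn=alb_arn)
        return "associated"
    if state in DISASSOCIATE_STATES:
        if attached != web_acl_arn:
            return "noop"  # never strip an ACL this function did not attach
        wafv2.disassociate_web_acl(ResourceArn=alb_arn)
        return "disassociated"
    return "noop"


def handler(event, context=None, wafv2=None, web_acl_arn=None, alb_arn=None):
    """Lambda entry point. Real client and env vars are used unless injected."""
    if wafv2 is None:
        import boto3  # imported lazily so the module loads without boto3
        wafv2 = boto3.client("wafv2")
    web_acl_arn = web_acl_arn or os.environ["WEB_ACL_ARN"]
    alb_arn = alb_arn or os.environ["ALB_ARN"]
    name, state = alarm_state(event)
    action = reconcile(wafv2, state, web_acl_arn, alb_arn)
    return {"alarm": name, "state": state, "action": action}


class FakeWafv2:
    """Constructed in-memory stand-in for the boto3 wafv2 client."""

    def __init__(self, attached=None):
        self.attached = attached
        self.calls = []

    def get_web_acl_for_resource(self, ResourceArn):
        return {"WebACL": {"ARN": self.attached}} if self.attached else {}

    def associate_web_acl(self, WebACLArn, ResourceArn):
        self.calls.append(("associate", ResourceArn))
        self.attached = WebACLArn

    def disassociate_web_acl(self, ResourceArn):
        self.calls.append(("disassociate", ResourceArn))
        self.attached = None


# Hypothetical ARNs and constructed sample events for the offline run.
ACL_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/surge-acl/abc123"
ALB_ARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/web/def456"
EVENTBRIDGE_ALARM = {"source": "aws.cloudwatch",
                     "detail-type": "CloudWatch Alarm State Change",
                     "detail": {"alarmName": "alb-5xx-spike",
                                "state": {"value": "ALARM"},
                                "previousState": {"value": "OK"}}}
DIRECT_OK = {"source": "aws.cloudwatch",
             "alarmData": {"alarmName": "alb-5xx-spike",
                           "state": {"value": "OK"},
                           "previousState": {"value": "ALARM"}}}
DIRECT_NODATA = {"source": "aws.cloudwatch",
                 "alarmData": {"alarmName": "alb-5xx-spike",
                               "state": {"value": "INSUFFICIENT_DATA"},
                               "previousState": {"value": "ALARM"}}}


def demo():
    """Run the handler through a full ALARM -> ALARM -> OK -> no-data cycle."""
    fake = FakeWafv2()
    out = []
    for ev in (EVENTBRIDGE_ALARM, EVENTBRIDGE_ALARM, DIRECT_OK, DIRECT_NODATA):
        out.append(handler(ev, wafv2=fake, web_acl_arn=ACL_ARN, alb_arn=ALB_ARN)["action"])
    return out, fake.attached


if __name__ == "__main__":
    print(demo())
```

Two points matter in production. First, the state sets: treating only an explicit OK as "turn it off" means a gap in the metric never drops the web ACL, and the "did we attach it" check stops the function from removing a baseline ACL someone else placed on the ALB. Second, the permissions the last answer refers to: with the direct integration, the Lambda function's resource-based policy must allow the CloudWatch alarms service principal (lambda.alarms.cloudwatch.amazonaws.com) to invoke it, ideally restricted with a source-ARN condition to the one alarm, and the function's execution role needs only wafv2:GetWebACLForResource, wafv2:AssociateWebACL and wafv2:DisassociateWebACL on the specific ALB and web ACL.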
