- Newest
- Most votes
- Most comments
There is no direct integration between CloudWatch alarms and WAF, so you need a Lambda function as an intermediary. Set up a CloudWatch alarm for your specific condition, then create a Lambda function capable of modifying WAF rules or WebACL associations. Use EventBridge to trigger this Lambda function when the alarm state changes. The Lambda function will check the alarm state and, based on that, it can associate or dissociate the WebACL to or from the ALB accordingly.
Hello, please take a look at this blog post (plus associated sample code) - this might take some of the heavy lifting out of what you're trying to do. https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-dynamically-adapt-your-response-to-changing-threat-levels-using-aws-waf/
Hi, please note that in the answer above the statement "Use EventBridge to trigger this Lambda function when the alarm state changes" is not mandatory: you can invoke a Lambda function directly from the alarm, without the need to go through EventBridge. How you invoke the Lambda function is your choice: a direct integration between the alarm and the Lambda simplifies the architecture at the tradeoff of simply having to manage alarm permissions more granularly.
Relevant content
- Accepted Answerasked 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago