Cost considerations
AWS WAF offers standalone pricing that is charged based on your usage of web ACLs and rules and on the number of requests that are inspected. For logging configurations, you are charged based on your usage of Amazon Data Firehose. AWS Bot Control rulesets are paid AWS Managed Rules that can be added to your web ACL. You pay a monthly charge (prorated hourly) for the Bot Control rule group and an additional charge for the number of web requests processed by Bot Control. If you choose to use Managed rules for AWS Web Application Firewall, you can subscribe to managed rules and pay only for what you use. There are no contracts or subscription commitments.

For workloads with high volumes of requests, consider evaluating AWS Shield Advanced to reduce the per-request charges. When AWS WAF is used with resources protected by AWS Shield Advanced, there are no additional charges for using AWS WAF and AWS Firewall Manager. You simply pay the charges associated with AWS Shield Advanced. This approach can help optimize cost for request-heavy workloads. For more details on pricing, refer to the AWS Shield, AWS Firewall Manager, and AWS WAF pricing pages.

Scope-down statements are an efficient way to save costs. A scope-down statement narrows the set of requests that a rule or rule group evaluates. For example, you can apply the Bot Control managed rule group to the login page only, so that all other pages of your website are not analyzed for bot traffic. This helps reduce the cost of running AWS Bot Control with AWS WAF.
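
The login-page case described above, as an added example that is not part of the original page: a web ACL rule in AWS WAF JSON format that attaches the Bot Control managed rule group with a scope-down statement, so only requests whose URI path starts with `/login` are evaluated by Bot Control. The rule name, metric name, priority, `/login` path and `COMMON` inspection level are assumptions chosen for illustration.

```json
{
  "Name": "BotControlLoginOnly",
  "Priority": 0,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesBotControlRuleSet",
      "ManagedRuleGroupConfigs": [
        {
          "AWSManagedRulesBotControlRuleSet": {
            "InspectionLevel": "COMMON"
          }
        }
      ],
      "ScopeDownStatement": {
        "ByteMatchStatement": {
          "SearchString": "/login",
          "FieldToMatch": {
            "UriPath": {}
          },
          "TextTransformations": [
            {
              "Priority": 0,
              "Type": "LOWERCASE"
            }
          ],
          "PositionalConstraint": "STARTS_WITH"
        }
      }
    }
  },
  "OverrideAction": {
    "None": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "BotControlLoginOnly"
  }
}
```

Because `STARTS_WITH` also matches paths such as `/login-help`, use the `EXACTLY` positional constraint if only the login endpoint itself should be inspected.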