AWS WAF Security Automations
AWS WAF Security Automations

Document Revisions

Date Change Location
September 2016 Initial release
January 2017 Clarification on IP address limits in this solution IP Match Conditions
March 2017 Additional guidance on creating a cache behavior; updated URLs for AWS Security Blog posts Step 3; Additional Resources
June 2017 Added ALB support and updated product limits All
November 2017 Added rate-based rule support for HTTP flood protection; additional links for storing resource access logs All
January 2018 Updated content on regional availability of AWS WAF for Application Load Balancers AWS Regions and Multiple Deployments; Step 1


This implementation guide is provided for informational purposes only. It represents AWS's current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS's products or services, each of which is provided "as is" without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The AWS WAF Security Automations solution is licensed under the terms of the Amazon Software License available at

On this page: