Document Revisions - AWS WAF Security Automations

Document Revisions

Date Change
September 2016 Initial release
January 2017 Clarification on IP address limits in this solution
March 2017 Additional guidance on creating a cache behavior; updated URLs for AWS Security Blog posts
June 2017 Added ALB support and updated product limits
November 2017 Added rate-based rule support for HTTP flood protection; additional links for storing resource access logs
January 2018 Updated content on regional availability of AWS WAF for Application Load Balancers
December 2018 Added IPv6 Support, expanded CIDR ranges, and added a monitoring dashboard
April 2019 AWS WAF logs integration, Amazon Athena integration, and added a configurable log parser
December 2019 Added information on support for Node.js update
February 2020 Bug fixes and update to the RequestThreshold parameter
June 2020 Added Athena cost optimization using partitioning; updated README instructions; fixed a potential DoS issue within Bad Bots X-Forward-For header


This implementation guide is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The AWS WAF Security Automations solution is licensed under Apache License Version 2.0 available at