AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
Developer Guide (API Version 2015-08-24)

Managing AWS Shield Advanced Protections

You can change the settings for your AWS Shield Advanced protections at any time. For example, you can add or remove rate-based rules and Amazon CloudWatch alarms.

Adding a Web ACL and Rate-based Rule to Your Shield Advanced Protections

The following procedure shows how to add a web ACL and rate-based rule to a protected resource.

To add a web ACL and rate-based rule to a protected resource

  1. Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/waf/.

  2. Choose Protected resources.

  3. Choose the radio button next to the resource that you want to edit.

  4. Choose Manage existing protections.

  5. Choose the check box next to the resource that you want to edit.

  6. Choose an existing web ACL and an existing rate-based rule. Alternatively, you can create a different web ACL and rate-based rule by following these steps:

    1. Choose Create new web ACL from the dropdown list.

    2. Enter a name. You can't change the name after you create the web ACL.

    3. Choose Create web ACL.

    4. From the dropdown list, choose Create new rule.

    5. Enter a name.

    6. Enter a rate limit. This is the maximum number of requests from a single IP address allowed in a five-minute period. The rate limit must be equal to or greater than 2,000.

    7. Choose Create rule.

  7. Choose the action to take if the rule is triggered. Block will block the request. Count will allow the request but increment a counter tracking how many times this rule was triggered.

  8. Choose Apply web protections.

  9. To skip the Amazon CloudWatch alarms page, uncheck all the checkboxes and choose Create alarms.
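The same protection can be applied through the WAF Classic API (version 2015-08-24) instead of the console. The following Python example is added here and is not part of this guide or of any AWS sample code. It follows the console steps: obtain a change token, create a rate-based rule keyed on source IP with a five-minute limit of at least 2,000, and insert it into an existing web ACL with a BLOCK or COUNT action. The FakeWafClient, the web ACL ID and the rule name are constructed so that the example runs offline; replacing the fake with boto3.client("waf") (for CloudFront-scoped web ACLs) makes live calls and requires credentials.

```python
"""Attach a rate-based rule to a web ACL through the WAF Classic API (2015-08-24).

Added example; mirrors the console procedure above. The client argument is
anything exposing get_change_token / create_rate_based_rule / update_web_acl
with the boto3 keyword signatures, so a real boto3 "waf" client can be passed.
"""
import itertools

MIN_RATE_LIMIT = 2000          # lower bound the service enforces, as stated on this page
ACTIONS = {"BLOCK", "COUNT"}   # the two actions offered for a rate-based rule


def create_rate_based_rule(waf, name, rate_limit, metric_name=None):
    """Create a rate-based rule that counts requests per source IP; returns its RuleId."""
    if rate_limit < MIN_RATE_LIMIT:
        raise ValueError(f"rate limit must be >= {MIN_RATE_LIMIT}, got {rate_limit}")
    # Every mutating WAF Classic call must carry a freshly issued change token.
    token = waf.get_change_token()["ChangeToken"]
    resp = waf.create_rate_based_rule(
        Name=name,
        MetricName=metric_name or name.replace("-", ""),  # metric names must be alphanumeric
        RateKey="IP",                                     # rate is measured per source IP
        RateLimit=rate_limit,                             # requests allowed per five-minute period
        ChangeToken=token,
    )
    return resp["Rule"]["RuleId"]


def attach_rule_to_web_acl(waf, web_acl_id, rule_id, action, priority=1):
    """Activate the rate-based rule in the web ACL with a BLOCK or COUNT action."""
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {sorted(ACTIONS)}, got {action!r}")
    token = waf.get_change_token()["ChangeToken"]
    waf.update_web_acl(
        WebACLId=web_acl_id,
        ChangeToken=token,
        Updates=[{
            "Action": "INSERT",
            "ActivatedRule": {
                "Priority": priority,          # lower numbers are evaluated first
                "RuleId": rule_id,
                "Action": {"Type": action},    # BLOCK drops the request, COUNT only tallies it
                "Type": "RATE_BASED",          # distinguishes it from a REGULAR rule
            },
        }],
    )


def protect_with_rate_based_rule(waf, web_acl_id, rule_name, rate_limit, action):
    """Steps 6 and 7 of the procedure in one call; returns the new RuleId."""
    rule_id = create_rate_based_rule(waf, rule_name, rate_limit)
    attach_rule_to_web_acl(waf, web_acl_id, rule_id, action)
    return rule_id


class FakeWafClient:
    """Constructed stand-in for boto3.client("waf") so the example runs offline.

    It records the calls it receives and returns fixed, made-up identifiers.
    """

    def __init__(self):
        self.calls = []
        self._tokens = itertools.count(1)

    def get_change_token(self):
        return {"ChangeToken": f"token-{next(self._tokens)}"}

    def create_rate_based_rule(self, **kw):
        self.calls.append(("create_rate_based_rule", kw))
        return {"Rule": {"RuleId": "rule-0000-example", "RateLimit": kw["RateLimit"]},
                "ChangeToken": kw["ChangeToken"]}

    def update_web_acl(self, **kw):
        self.calls.append(("update_web_acl", kw))
        return {"ChangeToken": kw["ChangeToken"]}


if __name__ == "__main__":
    # waf = boto3.client("waf")   # live client for CloudFront web ACLs; needs AWS credentials
    waf = FakeWafClient()
    rid = protect_with_rate_based_rule(waf, "web-acl-id-example", "login-rate-limit", 2000, "COUNT")
    print(rid, [call for call, _ in waf.calls])
```

Starting with COUNT, as the console offers, lets you watch the rule's CloudWatch metric before switching the action to BLOCK; the change token pattern is the part most often missed when scripting WAF Classic, since a reused token makes the mutating call fail.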

Adding a CloudWatch Alarm to Your Shield Advanced Protections

The following procedure shows how to add a CloudWatch alarm to a protected resource.

Note

CloudWatch incurs additional costs. For CloudWatch pricing, see Amazon CloudWatch Pricing.

To add a CloudWatch alarm to a protected resource

  1. Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/waf/.

  2. Choose Protected resources.

  3. Choose the radio button next to the resource.

  4. Choose Manage existing protections.

  5. To skip the rate-based rule page, choose Continue.

  6. For each Region that is listed in the table, choose an existing Amazon SNS topic or create a different topic. To create an Amazon SNS topic, follow these steps:

    1. Choose Create new topic from the dropdown list.

    2. Enter a topic name.

    3. Enter an email address that the Amazon SNS messages will be sent to, and then choose Add email address.

    4. Choose Create topic.

    5. Repeat as necessary for each protection and each rate-based rule.

  7. Choose Create alarms.

Removing a Rate-based Rule from Your Shield Advanced Protections

To remove a rate-based rule from your Shield Advanced protections, follow the instructions in Deleting a Rule.

Removing a CloudWatch Alarm from Your Shield Advanced Protections

To remove a CloudWatch alarm from your Shield Advanced protections, you have two options:

  • Delete the protection as described in Removing AWS Shield Advanced from an AWS Resource. Be sure to select the check box next to Also delete related DDoSDetection alarm.

  • Delete the alarm using the CloudWatch console. The name of the alarm to delete will start with DDoSDetectedAlarmForProtection.
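Both the alarm-creation procedure above ("To add a CloudWatch alarm to a protected resource") and the second removal option can be scripted against the CloudWatch API. The following Python example is added here and is not part of this guide or of any AWS sample code. It creates an alarm on the DDoSDetected metric that Shield Advanced publishes in the AWS/DDoSProtection namespace (dimension ResourceArn), routes it to an SNS topic, and then removes every alarm whose name starts with the DDoSDetectedAlarmForProtection prefix named on this page. The FakeCloudWatchClient, the resource and topic ARNs, the alarm naming scheme and the evaluation settings (Period, EvaluationPeriods, TreatMissingData) are assumptions chosen for the example; substitute boto3.client("cloudwatch") and your own values for live use.

```python
"""Create and remove the Shield Advanced DDoSDetected alarm via the CloudWatch API.

Added example; not the console's own implementation. The client argument is
anything exposing put_metric_alarm / describe_alarms / delete_alarms with the
boto3 keyword signatures, so a real boto3 "cloudwatch" client can be passed.
"""

ALARM_PREFIX = "DDoSDetectedAlarmForProtection"   # prefix this page gives for Shield's alarms


def put_ddos_detected_alarm(cw, resource_arn, topic_arn, evaluation_periods=20):
    """Alarm when Shield reports DDoSDetected > 0 for the resource; notify the SNS topic.

    Returns the alarm name. The naming scheme (prefix + last ARN segment) is an
    assumption of this example, chosen so the removal function below finds it.
    """
    name = f"{ALARM_PREFIX}-{resource_arn.rsplit('/', 1)[-1]}"
    cw.put_metric_alarm(
        AlarmName=name,
        Namespace="AWS/DDoSProtection",               # namespace Shield Advanced publishes to
        MetricName="DDoSDetected",
        Dimensions=[{"Name": "ResourceArn", "Value": resource_arn}],
        Statistic="Sum",
        Period=60,                                    # one-minute datapoints (assumed)
        EvaluationPeriods=evaluation_periods,
        DatapointsToAlarm=1,                          # a single detection is enough to alarm
        Threshold=0,
        ComparisonOperator="GreaterThanThreshold",
        TreatMissingData="notBreaching",              # no datapoints is treated as no attack (assumed)
        AlarmActions=[topic_arn],                     # SNS topic that emails the subscribers
        OKActions=[topic_arn],                        # also notify when the event ends
    )
    return name


def delete_ddos_detected_alarms(cw, prefix=ALARM_PREFIX):
    """Delete every alarm whose name starts with the Shield prefix; returns the deleted names."""
    names, token = [], None
    while True:                                       # DescribeAlarms is paginated via NextToken
        kwargs = {"AlarmNamePrefix": prefix}
        if token:
            kwargs["NextToken"] = token
        page = cw.describe_alarms(**kwargs)
        names.extend(a["AlarmName"] for a in page.get("MetricAlarms", []))
        token = page.get("NextToken")
        if not token:
            break
    for i in range(0, len(names), 100):               # DeleteAlarms accepts at most 100 names per call
        cw.delete_alarms(AlarmNames=names[i:i + 100])
    return names


class FakeCloudWatchClient:
    """Constructed stand-in for boto3.client("cloudwatch") so the example runs offline."""

    def __init__(self):
        self.alarms = {}   # AlarmName -> the keyword arguments PutMetricAlarm received

    def put_metric_alarm(self, **kw):
        self.alarms[kw["AlarmName"]] = kw
        return {}

    def describe_alarms(self, **kw):
        prefix = kw.get("AlarmNamePrefix", "")
        return {"MetricAlarms": [{"AlarmName": n} for n in sorted(self.alarms) if n.startswith(prefix)]}

    def delete_alarms(self, AlarmNames):
        for n in AlarmNames:
            self.alarms.pop(n, None)
        return {}


if __name__ == "__main__":
    # cw = boto3.client("cloudwatch", region_name="us-east-1")   # live client; needs credentials
    cw = FakeCloudWatchClient()
    resource = "arn:aws:cloudfront::123456789012:distribution/EXAMPLEID"     # constructed ARN
    topic = "arn:aws:sns:us-east-1:123456789012:shield-alerts-example"       # constructed ARN
    created = put_ddos_detected_alarm(cw, resource, topic)
    cw.put_metric_alarm(AlarmName="unrelated-cpu-alarm", Namespace="AWS/EC2",
                        MetricName="CPUUtilization")                          # must survive the cleanup
    print(created, delete_ddos_detected_alarms(cw), sorted(cw.alarms))
```

Filtering deletion by the DDoSDetectedAlarmForProtection prefix keeps the cleanup scoped to Shield's alarms; the unrelated alarm in the usage block is there to show that other alarms in the account are left alone.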