Posted On: Dec 6, 2021
You can now send AWS WAF logs directly to a CloudWatch Logs log group or to an HAQM S3 bucket. With this launch, we’re adding two new optional destinations for WAF logs in addition to HAQM Kinesis Data Firehose, which was already supported. When you use CloudWatch Logs as your WAF log destination, you can search and analyze WAF logs directly in the WAF console using CloudWatch Logs Insights. Using CloudWatch Logs Insights, you can view individual logs, compile aggregated reports, create visualizations, and construct dashboards.
To send WAF logs directly to a CloudWatch Logs log group or an S3 bucket, log in to the AWS WAF Console, select a web access control list (web ACL), and open the logging and metrics section to add or change the logging destination. To search and analyze WAF logs in the console, you must select CloudWatch Logs as the logging destination. Once logging is enabled, navigate to the AWS WAF Console and select the CloudWatch Logs Insights tab.
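As an added example (not part of the AWS announcement), here is the kind of aggregated report the text mentions, computed in Python over constructed WAF log records in the JSON-lines shape WAF delivers to its log destinations. The field names follow the WAF log format; the record values, rule names and IP addresses are made up for this example.

```python
import json
from collections import Counter

# Constructed sample records (a subset of the WAF log fields); the last line is
# deliberately truncated to mimic a partial delivery batch.
SAMPLE_WAF_LOGS = "\n".join(json.dumps(r) for r in [
    {"timestamp": 1638790000000, "formatVersion": 1, "action": "ALLOW",
     "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR",
     "httpRequest": {"clientIp": "198.51.100.10", "country": "US", "uri": "/", "httpMethod": "GET"}},
    {"timestamp": 1638790001000, "formatVersion": 1, "action": "BLOCK",
     "terminatingRuleId": "ExampleSQLiRuleGroup", "terminatingRuleType": "MANAGED_RULE_GROUP",
     "httpRequest": {"clientIp": "203.0.113.5", "country": "XX", "uri": "/login", "httpMethod": "POST"}},
    {"timestamp": 1638790002000, "formatVersion": 1, "action": "BLOCK",
     "terminatingRuleId": "ExampleSQLiRuleGroup", "terminatingRuleType": "MANAGED_RULE_GROUP",
     "httpRequest": {"clientIp": "203.0.113.5", "country": "XX", "uri": "/search", "httpMethod": "GET"}},
    {"timestamp": 1638790003000, "formatVersion": 1, "action": "BLOCK",
     "terminatingRuleId": "ExampleRateLimit", "terminatingRuleType": "RATE_BASED",
     "httpRequest": {"clientIp": "192.0.2.77", "country": "US", "uri": "/api/items", "httpMethod": "GET"}},
]) + '\n{"timestamp": 1638790004000, "formatVersion": 1, "acti'


def parse_waf_logs(text):
    """Parse one JSON record per line; skip blank or malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated line should not cost us the rest of the batch
    return records


def blocked_summary(records):
    """Aggregate BLOCK decisions by terminating rule and by client IP."""
    blocked = [r for r in records if r.get("action") == "BLOCK"]
    by_rule = Counter(r.get("terminatingRuleId", "unknown") for r in blocked)
    by_ip = Counter(r.get("httpRequest", {}).get("clientIp", "unknown") for r in blocked)
    return {"total": len(records), "blocked": len(blocked),
            "by_rule": dict(by_rule), "by_ip": dict(by_ip)}


def repeat_offenders(records, threshold=2):
    """Client IPs blocked at least `threshold` times in the batch, sorted for stable output."""
    by_ip = blocked_summary(records)["by_ip"]
    return sorted(ip for ip, n in by_ip.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_waf_logs(SAMPLE_WAF_LOGS)
    print(json.dumps(blocked_summary(recs), indent=2))
    print("repeat offenders:", repeat_offenders(recs))
```

The same grouping by terminatingRuleId and httpRequest.clientIp is what a CloudWatch Logs Insights query over the log group would return; running it locally over an exported batch is useful when you want the report reproducible outside the console.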
There is no additional AWS WAF cost to enable logging to these new destinations, but standard service charges for AWS WAF, CloudWatch Logs, and S3 still apply. Logging is available in all AWS WAF regions and for each supported service, including HAQM CloudFront, Application Load Balancer, HAQM API Gateway, and AWS AppSync. To learn more, see the AWS WAF developer guide.