Posted On: Dec 6, 2021

You can now send AWS WAF logs directly to a CloudWatch Logs log group or to an Amazon S3 bucket. With this launch, we’re adding two new optional destinations for WAF logs in addition to Amazon Kinesis Data Firehose, which was already supported. When you use CloudWatch Logs as your WAF log destination, you can search and analyze WAF logs directly in the WAF console using CloudWatch Logs Insights. Using CloudWatch Logs Insights, you can view individual logs, compile aggregated reports, create visualizations, and construct dashboards.

To send WAF logs directly to a CloudWatch Logs log group or an S3 bucket, log in to the AWS WAF Console, select a web access control list (web ACL), and open the logging and metrics section to add or change the logging destination. To search and analyze WAF logs from the WAF console, you must select CloudWatch Logs as the logging destination. Once logging is enabled, navigate to the AWS WAF Console and select the CloudWatch Logs Insights tab.
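To show what analysis of the delivered logs looks like outside the console, here is an added example (not AWS code and not part of this announcement) that parses newline-delimited WAF log records, in the shape WAF writes them to an S3 bucket, and aggregates blocked requests by terminating rule, client IP and URI. The sample records, the rule names and the placeholder ARN are constructed for the example; the field names used (`action`, `terminatingRuleId`, `terminatingRuleType`, `httpRequest.clientIp`, `httpRequest.uri`) are those of the WAF log record format.

```python
"""Summarize AWS WAF log records delivered to S3 (newline-delimited JSON).

All sample data below is CONSTRUCTED for this example; it is not real traffic.
"""
import json
from collections import Counter


def _record(ts, action, rule_id, rule_type, ip, uri):
    # Build one record with the WAF log field names; ARN and source id are
    # placeholders, not real resource identifiers.
    return {
        "timestamp": ts, "formatVersion": 1,
        "webaclId": "arn:aws:wafv2:PLACEHOLDER",
        "terminatingRuleId": rule_id, "terminatingRuleType": rule_type,
        "action": action, "httpSourceName": "ALB", "httpSourceId": "PLACEHOLDER",
        "httpRequest": {"clientIp": ip, "country": "XX", "uri": uri,
                        "httpMethod": "GET", "requestId": f"req-{ts}"},
    }


# Constructed sample: three blocked requests and two allowed ones.
SAMPLE_RECORDS = [
    _record(1638748800000, "BLOCK", "AWS-AWSManagedRulesCommonRuleSet", "MANAGED_RULE_GROUP", "198.51.100.10", "/login"),
    _record(1638748801000, "BLOCK", "AWS-AWSManagedRulesCommonRuleSet", "MANAGED_RULE_GROUP", "198.51.100.10", "/admin"),
    _record(1638748802000, "BLOCK", "RateLimitPerIp", "RATE_BASED", "203.0.113.7", "/api/items"),
    _record(1638748803000, "ALLOW", "Default_Action", "REGULAR", "192.0.2.5", "/"),
    _record(1638748804000, "ALLOW", "Default_Action", "REGULAR", "192.0.2.6", "/health"),
]

# One JSON object per line, as WAF writes to S3, plus one deliberately
# truncated line to show that malformed input is counted and skipped.
SAMPLE_LOG_TEXT = (
    "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)
    + '\n{"timestamp": 1638748805000, "action": "BLO\n'
)


def parse_waf_log(text):
    """Parse newline-delimited WAF log JSON; return (records, skipped_count)."""
    records, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        # Anything without these keys is not a WAF request record.
        if "action" not in rec or "httpRequest" not in rec:
            skipped += 1
            continue
        records.append(rec)
    return records, skipped


def summarize_blocks(records):
    """Counts a defender looks at first: what was blocked, by which rule, from where."""
    blocked = [r for r in records if r["action"] == "BLOCK"]
    return {
        "by_action": Counter(r["action"] for r in records),
        "blocked_by_rule": Counter(r["terminatingRuleId"] for r in blocked),
        "blocked_by_client_ip": Counter(r["httpRequest"].get("clientIp", "?") for r in blocked),
        "blocked_by_uri": Counter(r["httpRequest"].get("uri", "?") for r in blocked),
    }


if __name__ == "__main__":
    recs, skipped = parse_waf_log(SAMPLE_LOG_TEXT)
    print(f"parsed {len(recs)} records, skipped {skipped} malformed line(s)")
    for name, counter in summarize_blocks(recs).items():
        print(name, dict(counter.most_common(5)))
```

For a CloudWatch Logs destination the same aggregation is a single Logs Insights query, `filter action = "BLOCK" | stats count(*) as blocked by terminatingRuleId | sort blocked desc`; the script above is the equivalent for logs landing in S3, where nothing queries them for you.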

There is no additional AWS WAF cost to enable logging to these new destinations, but standard service charges for AWS WAF, CloudWatch Logs, and S3 still apply. Logging is available in all AWS WAF regions and for each supported service, including Amazon CloudFront, Application Load Balancer, Amazon API Gateway, and AWS AppSync. To learn more, see the AWS WAF developer guide.