Amazon Web Services (AWS) has rolled out a significant enhancement to its AWS Web Application Firewall (WAF), introducing automated application layer (Layer 7) DDoS protection designed to detect and mitigate threats within seconds. This new capability is available through an AWS Managed Rule group and is designed to help organizations maintain the security and high availability of their applications on Amazon CloudFront, Application Load Balancer (ALB), and other supported AWS services.
The solution uses machine learning models to analyze traffic behavior and establish a baseline within minutes of activation. Once deployed, it automatically detects anomalies and applies mitigation rules to counter suspicious or malicious traffic. This allows cloud security teams and site reliability engineers to reduce manual effort in configuring and managing DDoS protections.
Users have flexibility in configuring how the system responds, whether by issuing challenges or outright blocking unwanted requests. The feature is available to AWS WAF and AWS Shield Advanced customers across all supported AWS Regions, excluding Asia Pacific (Thailand), Mexico (Central), and China (Beijing and Ningxia).
For more details, including pricing and technical setup, visit the AWS WAF documentation and AWS WAF console.
