Posted On: May 4, 2017

You can now log all your API calls to AWS WAF on Application Load Balancer (ALB) through AWS CloudTrail, the AWS service that records API calls for your account and delivers log files to your Amazon S3 bucket. CloudTrail logs can be used to enable security analysis, track changes to your AWS resources, and aid in compliance auditing. Integrating AWS WAF and CloudTrail lets you determine which requests were made to the AWS WAF API, the source IP address from which each request was made, who made the request, when it was made, and more.

If you are already using AWS CloudTrail, you will start seeing AWS WAF API calls in your AWS CloudTrail log. If you haven't turned on AWS CloudTrail for your account, you can turn on CloudTrail from the AWS Management Console. There is no additional charge for turning on AWS CloudTrail, but standard rates for Amazon S3 and Amazon SNS usage apply. Please visit the AWS WAF detail page or the AWS WAF Developer Guide to learn more.