Posted On: Feb 6, 2024

Application Load Balancer (ALB) now supports console integration with AWS WAF that allows you to secure your applications behind ALB with a single click. This integration enables AWS WAF protections as a first line of defense against common web threats for your applications that use ALB. You can still optionally configure additional protections like bot detection and fraud prevention for your applications from the AWS WAF console.

Previously, you could secure your applications behind ALB with AWS WAF by preconfiguring a web access control list (web ACL) with the desired security rules. While this approach offers flexibility, it does require careful planning to determine the security rules to enable, and interaction with both the ALB and AWS WAF management consoles. Now, ALB handles creating and configuring AWS WAF for you with AWS-recommended protections for all applications. Customers who prefer to use an existing web ACL may continue to select a preconfigured web ACL instead.

You can use this one-click security protection provided by AWS WAF from the integrated services section of the ALB console for both new and existing load balancers. Standard pricing for AWS WAF applies. The feature is available in all commercial AWS Regions. To learn more, refer to the ALB User Guide.