AWS::WAFv2::WebACL OnSourceDDoSProtectionConfig - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::WAFv2::WebACL OnSourceDDoSProtectionConfig

Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "ALBLowReputationMode" : String
}

YAML

  ALBLowReputationMode: String

Properties

ALBLowReputationMode

The level of DDoS protection that applies to web ACLs associated with Application Load Balancers. ACTIVE_UNDER_DDOS protection is enabled by default whenever a web ACL is associated with an Application Load Balancer. In the event that an Application Load Balancer experiences high-load conditions or suspected DDoS attacks, the ACTIVE_UNDER_DDOS protection automatically rate limits traffic from known low reputation sources without disrupting Application Load Balancer availability. ALWAYS_ON protection provides constant, always-on monitoring of known low reputation sources for suspected DDoS attacks. While this provides a higher level of protection, there may be potential impacts on legitimate traffic.

Required: Yes

Type: String

Allowed values: ACTIVE_UNDER_DDOS | ALWAYS_ON

Update requires: No interruption