Set up rate limiting
Rate limiting is one of the recommendations you may receive when configuring security protections.
CloudFront always enables rate limiting in monitor mode. When monitor mode is enabled, CloudFront captures metrics that tell you if the rate you configured in the Rate limiting field has been exceeded, how often, and by how much.
After you save the distribution, CloudFront starts to collect data based on the number in the Rate limiting field.
You can enable or manage the rate limiting settings in the Security - Web Application Firewall (WAF) section on the Security tab of any CloudFront distribution.
To set up rate limiting
Open the CloudFront console at https://console.amazonaws.cn/cloudfront/v4/home
. -
In the navigation pane, choose Distributions, and then choose the distribution that you want to change.
-
Choose the Security tab.
-
In the Security – Web Application Firewall (WAF) section, choose Edit.
-
Under Additional protections for dynamic applications and APIs, select Rate limiting. You can optionally change the rate limit. When you have fine-tuned the rate, choose Save changes.
-
In the Security – Web Application Firewall (WAF) section, next to Rate limiting, you can choose Monitor mode and then choose Enable blocking to deactivate monitor mode. CloudFront will start to block requests that exceed the specified rate limit.