Testing and tuning high-level steps - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Testing and tuning high-level steps

This section provides a checklist of the steps for testing changes to your web ACL, including any rules or rule groups that it uses.


To follow the guidance in this section, you need to understand how to create and manage Amazon WAF protections like web ACLs, rules, and rule groups. That information is covered in earlier sections of this guide.

To test and tune your web ACL

Perform these steps first in a test environment, then in production.

  1. Prepare for testing

    Prepare your monitoring environment, switch your new Amazon WAF protections to count mode for testing, and create any resource associations that you need.

    See Preparing for testing.

  2. Monitor and tune in test and production environments

    Monitor and adjust your Amazon WAF protections first in a test or staging environment, then in production, until you're satisfied that they can handle traffic as you need them to.

    See Monitoring and tuning.

  3. Enable your protections in production

    When you're satisfied with your test protections, switch them to production mode, clean up any unnecessary testing artifacts, and continue monitoring.

    See Enabling your protections in production.

After you've finished implementing your changes, continue monitoring your web traffic and protections in production to make sure that they're working as you want them to. Web traffic patterns can change over time, so you might need to adjust the protections occasionally.