New Feature: Amazon CloudFront no longer charges (No Billing) for requests blocked by AWS WAF

·

1 min read

AWS has introduced an invaluable feature for users of CloudFront protected by AWS WAF: CloudFront will no longer bill requests that are blocked by AWS WAF. This new feature provides enhanced financial protection, especially helpful against DDoS attacks, that generate a significant volume of requests on CloudFront.

https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-cloudfront-charges-requests-blocked-aws-waf/

Some additional insights:

Billing Exemptions on Blocked Requests: CloudFront does not apply billing on a request blocked by WAF, when the terminating rule action in WAF is BLOCK, regardless of the custom response configured in WAF. For example, you could configure a custom response with a 200 OK for a graceful HTML for blocked request.

Custom Error Responses: CloudFront will also not bill for custom error responses triggered by WAF’s BLOCK actions. This means if WAF blocks a request and triggers an error response configured in CloudFront, those error-handling responses won’t incur charges.

Extra Protection with Shield Advanced: Customers who are subscribed to Shield Advanced gain even more financial protection. It protects you against the costs of CloudFront requests that were not blocked by WAS WAF during a DDoS attack. It also cover other AWS services that had to scale to absorb the attack.