AWS – AWS WAF enhances Data Protection and logging experience

AWS WAF expands its Data Protection capabilities with new controls for sensitive data in logs. In addition, we have updated the Logging configuration console experience, making it easier for customer to select the optimal logging option.

Data Protection works together with existing Logging Redaction and Filtering features. You can select which protection method to use based on your use case and where you need to apply the controls. When configured, selected request log fields can be replaced with cryptographic hashes (e.g. ‘ade099751d2ea9f3393f0f’) or a predefined static string (‘REDACTED’) before logs are sent to WAF Sample Logs, Amazon Security Lake, CloudWatch, or other logging destinations. This centralized approach is designed to simplify the management of data and reduces the risk of accidental exposure. In addition, we simplified the WAF console experience for managing logging configurations. Customers can now view all available logging options and select their preferred settings in a simple unified experience.

This feature is available in all AWS Regions and endpoints where AWS WAF is available. To learn more, see the AWS WAF developer guide. There is no additional cost for using this feature, however standard AWS WAF charges still apply. For details, visit the AWS WAF Pricing page.

To use the new Data Protection feature, simply navigate to your Web ACL ‘Logging and metrics’ section in the AWS WAF console and choose the desired data protection option. Existing logging configurations will remain unchanged. For more information about the Data Protection, visit AWS documentation.

Read More for the details.