Quick Tip: When AI Agents Get Blocked by AWS Managed Rules

TL;DR: OpenAI agent traffic was being blocked by AWS WAF’s Anonymous IP List rule (HostingProviderIPList). The source IP belonged to an Azure range included in the HostingProviderIPList. Bot Control was correctly identifying the same traffic as a verified bot, so the fix was to switch HostingProviderIPList to Count and add a custom rule …

Sharing Large Files with Customers — Automating S3 + CloudFront Signed URLs

TL;DR: When you need to share large files or directories with customers, this script automates the entire flow — zip compression, S3 upload, and CloudFront Signed URL generation — in a single command: sharelink.py <path>. The generated link is valid for 7 days. Key Terms: CloudFront Signed URL = A time-limited URL that …

We Blocked the DDoS, Then the CloudWatch Bill Arrived

TL;DR: AWS Shield Advanced protects against DDoS-related scaling costs, but WAF log costs are not covered. When a customer said “I need to keep logs but reduce costs,” I proposed three incremental steps: (1) switch log destination to Data Firehose for ~8.5x cost reduction, (2) apply a WAF Logging Filter to DROP logs by DDoS label, (3) if logs …

Why My Blog Won't Serve HTML to Bots

TL;DR: Serving Markdown instead of HTML to verified bots gives you two things: your content gets cited accurately in AI answers, and Data Transfer Out costs drop by 94%. AWS WAF Bot Control identifies the bots, and CloudFront Functions rewrites the URL. Key Terms: Bot Control Targeted = AWS WAF’s bot detection level combining IP reputation, TLS fingerprinting, …