https://buildonaws.lakil.org/tags/lambda/Recent content in Lambda on Build on AWSHugoenTue, 12 May 2026 00:00:00 +0000https://buildonaws.lakil.org/posts/ddos-log-auto-filter/Tue, 12 May 2026 00:00:00 +0000https://buildonaws.lakil.org/posts/ddos-log-auto-filter/<h1 id="we-blocked-the-ddos-then-the-cloudwatch-bill-arrived">We Blocked the DDoS, Then the CloudWatch Bill Arrived</h1> <p><strong>TL;DR:</strong> AWS Shield Advanced protects against DDoS-related scaling costs, but WAF log costs are not covered. When a customer said &ldquo;I need to keep logs but reduce costs,&rdquo; I proposed three incremental steps: (1) switch log destination to Data Firehose for ~8.5x cost reduction, (2) apply a WAF Logging Filter to DROP logs by DDoS label, (3) if logs must be preserved during normal operations, use CloudWatch Alarm + Lambda to automatically toggle the filter only during active DDoS. Step 3 is not a best practice — it is a workaround for specific edge cases.</p>