How to use Amazon Athena queries to analyze AWS WAF logs and provide the visibility needed for threat detection
Networking & Content Delivery Blog
This article discusses how to use Amazon Athena queries to analyze AWS WAF logs and gain visibility into potential threats to web applications. It provides insights into detecting and preventing sophisticated attacks using AWS WAF, Bot Control, and Fraud Control.
Specifically, the article covers:
- AWS WAF logging and publishing logs to Amazon S3
- Prerequisites for creating Athena tables and partitioning schemes
- Seven examples of Athena queries for threat detection analysis, including:
  - Top talkers by IP, URI, etc.
  - Counts of bot traffic by date and IP
  - Counts of AWS WAF labels matched per IP
  - Website scraping and attack detection
  - AWS WAF token analysis and misuse
  - Session tracking by AWS WAF token
- Tips for optimizing Athena query performance
- Pricing considerations for AWS WAF logging and Athena