Configure AWS WAF Bot Control managed rule group to detect and manage bot traffic

Verified steps

1. Add the Bot Control managed rule group to your web ACL Rules array: set VendorName to AWS, Name to AWSManagedRulesBotControlRuleSet, and Priority to a number evaluated after your allow-list rules but before other managed groups.
2. In ManagedRuleGroupStatement, include a ManagedRuleGroupConfigs entry with AWSManagedRulesBotControlRuleSet configuration: set InspectionLevel to COMMON (lower cost, detects self-identifying bots) or TARGETED (higher cost, includes ML-based detection of sophisticated bots).
3. The TARGETED inspection level includes rules prefixed TGT_ML_ that use machine learning to detect distributed coordinated bot activity; machine learning is enabled by default but can be disabled by setting EnableMachineLearning to false in the config.
4. Bot Control adds labels to matched requests (for example awswaf:managed:aws:bot-control:bot:category:scraper); you can match these labels in downstream rules using LabelMatchStatement to apply custom actions to specific bot categories without changing the Bot Control rule group's default actions.
5. Start by overriding all Bot Control rule actions to Count using RuleActionOverrides on each rule name; review the sampled requests and labels in the AWS WAF console for at least one week before switching rules to Block.
6. Enable the web ACL's VisibilityConfig with SampledRequestsEnabled=true and publish metrics to CloudWatch; create alarms on the CountedRequests metric filtered to Bot Control rule labels to track bot volume trends.