The team is configuring a WAF ACL to filter the ingress traffic for a new Application Load Balancer. The team needs to check which requests were blocked, allowed, or counted and whether the requests matched the WAF ACL rule properly. Which of the following options is suitable?

Answer options:

A.In the CloudWatch metrics, view the request details for the WAF ACL.
B.In the AWS WAF console, enable request sampling for the WAF ACL and view the detailed data of the sample requests.
C.Enable VPC flow logs, create a log filter for the WAF ACL, and view the request details.
D.Enable WAF logs and save the logs in an S3 bucket. Use Athena to analyze the details for the WAF ACL rule.

Correct Answer: B
Option A is incorrect because there are no request details in the WAF CloudWatch metrics.
Option B is CORRECT because, for each sampled request, users can get the request details and determine whether the rule works as expected.
Option C is incorrect because VPC flow logs will not contain the request details filtered by the WAF ACL rule.
Option D is incorrect because WAF logs can only be forwarded to a Kinesis Data Firehose instead of an S3 bucket. There is no need to use Athena as well.
References:
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html#web-acl-testing-view-sample
https://aws.amazon.com/waf/faqs/