WAF & Shield----->Web ACLs--->Rules---->Add rules---->Add managed Rules Group-----AWS managed rule groups----->Free rule groups
Amazon IP reputation list : Add to web ACL---->edit:
Scope of inspection:Inspect all web requests
Amazon IP reputation list rules:
Override all rule actions:Override to Block
AWSManagedIPReputationList:Override to Block
AWSManagedReconnaissanceList:Override to Block
AWSManagedIPDDoSList:Override to Count
參考:
https://docs.aws.amazon.com/zh_cn/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html