Firewall and Amazon SNS

We are new to Cloudflare, from Sep 22. We are a newspaper and we were under heavy attack. Cloudflare works fine, block a lot of stuff

For hosting we use Amazon AWS. One of their services is SES which sends thousands emails every day, mostly in the mornings

This service uses another one named SNS which connect to a webhook on our end to notify when a new email is sent, an email is open, etc…

We have both services since couple of months working great

The case:

On Sep 26 and now 27, our website was very slow in the mornings. We change the firewall level to Under atack and all works fine. There are couple issues with some CURL stuff but we are working in a workarround

The issue:

The Js challenge goes up, which is to be expected, but 97% are from the SNS service

So we create a new rule to allow this Amazon ASN because we think is safe - AS16509

The problem is that our website goes down again

Question:

Why Cloudflare works great at first with the SNS service, but suddenly blocks/js challenge/slow our site?

The webhook on our end is very simple, and nobody touch the code

Does anyboy have this issue?