To prevent spamming and abuse, the firewall limits requests per IP address to a set amount over a 5-minute period. This means that IP addresses are necessarily remembered by AWS temporarily up to 5 minutes to determine if an IP is abusive, before resetting this information.