AWS Web Application Firewall (WAF) Monitoring Integration

AWS WAF - Web Application Firewall is a managed service that lets you control (allow, block or count) the HTTP and HTTPS requests routed to your web application by defining customizable security rules called web access control lists (web ACLs). With Site24x7's AWS integration you can now monitor your rules and web ACLs.

Setup and Integration

  • If you haven't done it already, enable Site24x7 programmatic access to your AWS resources by creating Site24x7 as an IAM user or by creating a cross-account IAM role between your AWS account and Site24x7's AWS account. Learn more.
  • In the Integrate AWS Account page, make sure AWS WAF is checked under the services to be discovered field. Learn more.

Policy and permission

Assign the AWS managed policy ReadOnlyAccess to the Site24x7 IAM entity (user or role) to help Site24x7 collect metric and inventory data. If you want to assign a custom policy, make sure the following read-level actions are present in the policy JSON. Learn more.

  • "waf-regional:ListWebACLs",
  • "waf-regional:ListRules",
  • "waf-regional:GetWebACL",
  • "waf-regional:ListTagsForResource",
  • "waf-regional:GetGeoMatchSet",
  • "waf-regional:GetIPSet",
  • "waf-regional:GetXssMatchSet",
  • "waf-regional:GetByteMatchSet",
  • "waf-regional:GetRegexMatchSet",
  • "waf-regional:GetSqlInjectionMatchSet",
  • "waf-regional:GetSizeConstraintSet",
  • "waf-regional:ListActivatedRulesInRuleGroup",
  • "waf:ListRules",
  • "waf:GetWebACL",
  • "waf:ListTagsForResource",
  • "waf:ListWebACLs",
  • "waf:GetByteMatchSet",
  • "waf:GetIPSet",
  • "waf:GetXssMatchSet",
  • "waf:GetRegexMatchSet",
  • "waf:GetSizeConstraintSet",
  • "waf:ListActivatedRulesInRuleGroup",
  • "wafv2:ListLoggingConfigurations",
  • "wafv2:GetWebACL",
  • "wafv2:ListTagsForResource",
  • "wafv2:ListWebACLs",
  • "wafv2:GetIPSet",
  • "wafv2:GetRegexPatternSet",
  • "wafv2:GetRuleGroup",
  • "waf-regional:ListResourcesForWebACL"
  • "cloudfront:listDistributionsByWebACLId"

For WAFV2, the following read-level actions must be present in the policy JSON. Learn more.

  • wafv2:Get*
  • wafv2:List*
  • wafv2:Describe*
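
One way to check a custom policy document against the action lists above before attaching it to the Site24x7 IAM entity. This is an added example, not Site24x7's code: `check_policy` and `SAMPLE_POLICY` are hypothetical names, the sample policy is constructed, and only the `Action` entries of `Allow` statements are evaluated, with IAM wildcards approximated by `fnmatch`.

```python
import fnmatch
import json

# Actions listed on this page; IAM matches action names case-insensitively.
REQUIRED = """
waf-regional:ListWebACLs waf-regional:ListRules waf-regional:GetWebACL
waf-regional:ListTagsForResource waf-regional:GetGeoMatchSet waf-regional:GetIPSet
waf-regional:GetXssMatchSet waf-regional:GetByteMatchSet waf-regional:GetRegexMatchSet
waf-regional:GetSqlInjectionMatchSet waf-regional:GetSizeConstraintSet
waf-regional:ListActivatedRulesInRuleGroup waf-regional:ListResourcesForWebACL
waf:ListRules waf:GetWebACL waf:ListTagsForResource waf:ListWebACLs waf:GetByteMatchSet
waf:GetIPSet waf:GetXssMatchSet waf:GetRegexMatchSet waf:GetSizeConstraintSet
waf:ListActivatedRulesInRuleGroup wafv2:ListLoggingConfigurations wafv2:GetWebACL
wafv2:ListTagsForResource wafv2:ListWebACLs wafv2:GetIPSet wafv2:GetRegexPatternSet
wafv2:GetRuleGroup cloudfront:listDistributionsByWebACLId
""".split()

def check_policy(policy, required=REQUIRED):
    """Return (missing, malformed) for Allow statements; Deny/NotAction/Condition are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    patterns, malformed = [], []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        for a in [actions] if isinstance(actions, str) else actions:
            if a == "*" or ":" in a:
                patterns.append(a.lower())
            else:
                malformed.append(a)  # no "service:" prefix, so it grants nothing
    missing = [r for r in required
               if not any(fnmatch.fnmatchcase(r.lower(), p) for p in patterns)]
    return missing, malformed

# Constructed sample policy: wafv2 List* is absent and one entry is mistyped.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "waf:Get*", "waf:List*", "waf-regional:Get*", "waf-regional:List*",
    "wafv2:Get*", "wafv2-Describe*", "cloudfront:ListDistributionsByWebACLId"]}]
}""")

if __name__ == "__main__":
    missing, malformed = check_policy(SAMPLE_POLICY)
    print("missing:", missing)
    print("malformed:", malformed)
```

An empty `missing` list means every action on this page is covered by some `Allow` pattern; entries in `malformed` lack the `service:Action` form.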

Polling frequency

Site24x7 collects metric data for your web access control lists (web ACLs) as per the poll frequency set (1 minute to a day). Learn more.

Licensing

Each web access control list (web ACL) is considered a basic monitor. Learn more.

Supported metrics

The following metrics are collected:

| Attribute | Description | Statistics | Data type |
|---|---|---|---|
| Allowed requests | Measures the total number of web requests | Sum | Count |
| Blocked requests | Measures the total number of blocked web requests | Sum | Count |
| Counted requests | Measures the number of counted requests. (A counted request is one that matches all the conditions in a particular rule.) | Sum | Count |
| Passed requests | Measures the number of passed requests for a rule group. (A passed request is one that did not match any rule in the rule group.) | Sum | Count |
| Web ACL Rule Capacity Units Used | Provides the capacity units utilized for a web ACL. This metric is applicable only for WAFV2. | NA | Count |

To view data

  • Sign in to the AWS web console. Choose AWS from the left navigation pane and choose your monitored AWS account.
  • In the menu drop down, choose Web Application Firewall.
  • From the list of monitored web access control lists (web ACLs), choose the web ACL for which you want to view metrics.

AWS WAF monitoring interface

Web ACL summary

Use the summary tab to understand the performance of your web ACL. By default, the page displays a single time series chart with all the supported metrics along with an events timeline.

Rule Details

The metrics allowed requests, blocked requests, counted requests and passed requests are broken down by the rule dimension (metric name of the rule) and displayed in a columnar view. Time series charts for each metric-rule combination are also displayed by default.

Forecast

Estimate future values of the following performance metrics and make informed decisions about adding capacity or scaling your AWS infrastructure.

  • Total Blocked Requests
  • Total Passed Requests
  • Total Counted Requests