cdklabs / cdk-monitoring-constructs

Easy-to-use CDK constructs for monitoring your AWS infrastructure
https://constructs.dev/packages/cdk-monitoring-constructs
Apache License 2.0

[waf] Support for AWS WAF #76

Closed rahul0705 closed 2 years ago

rahul0705 commented 2 years ago

Feature scope

AWS WAF

Describe your suggested feature

AWS offers several different firewall tools. Having Web Application Firewall monitored in this library would be greatly helpful.

echeung-amzn commented 2 years ago

https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html

Can you describe which metrics would be useful for you to monitor and alarm on?

rahul0705 commented 2 years ago

When creating a WAF ACL or RuleGroups there is a visibility section where we can enable and name the metrics:

  visibilityConfig: {
    cloudWatchMetricsEnabled: false,
    metricName: 'metricName',
    sampledRequestsEnabled: false,
  },

If we can create dashboards on the COUNT BLOCK and ALLOW traffic that would be greatly helpful.

voho commented 2 years ago

Just curious - what does this metricName parameter do? I see the metric names are specified already in the doc. What changes when you modify it?

Best start IMHO would be if we can agree on the API. How would you like to define your monitoring, what parameters to pass? Should we take visibilityConfig, ACL or RuleGroup?

rahul0705 commented 2 years ago

Based on what I've seen metricName allows you to specify custom names for the rule or WAF itself.

As far as the API to define monitoring, to keep consistent with other APIs it probably would be a good idea to take the ACL directly (if we can query the metricNames assigned for that ACL). It's also worth noting that ACLs can be assigned to an AWS resource, so maybe it's possible to "automagically" determine the ACL metrics for services that already have them tied, if the API supports it (i.e. API Gateway may have an ACL, so .monitorAPIGateway() can automatically pull ACL metrics in? Or similar with CloudFront?).

voho commented 2 years ago

We can take it step by step, e.g. start with something simple and keep extending it.

I have been researching some existing solutions and it seems that people are usually just monitoring allowed vs. blocked requests, typically for ALL rules in the given ACL.

So, what is the basic unit we are monitoring here... is it ACL + subset of rules? Or just list of rules and ACL separately?

rahul0705 commented 2 years ago

Probably the latter, as it seems from what I've seen that most ACLs will contain very, very similar rules. We may also want to include count as well, since that will tell the user if a request matched a rule but was not blocked (generally used for testing new rules?).
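
The metric shape discussed in this thread (the per-rule metricName from visibilityConfig, and allowed vs. blocked vs. counted traffic for the whole ACL), as an added example that is not part of this issue or of cdk-monitoring-constructs. It is plain TypeScript with no CDK dependency: it builds the CloudWatch metric identifiers that AWS WAFv2 publishes (namespace AWS/WAFV2, dimensions WebACL, Region and Rule, where Rule "ALL" is the ACL-wide aggregate and a per-rule series uses that rule's metricName), then evaluates a blocked-request-ratio alarm over constructed sample datapoints the way an M-of-N CloudWatch alarm would. The web ACL name, region and datapoint values are placeholders I made up.

```typescript
// Added example (not part of cdk-monitoring-constructs). Models the CloudWatch
// metrics AWS WAFv2 publishes and evaluates a blocked-ratio alarm over
// constructed datapoints. Names and numbers below are placeholders.

type WafAction = "AllowedRequests" | "BlockedRequests" | "CountedRequests";

interface WafMetricQuery {
  namespace: "AWS/WAFV2";
  metricName: WafAction;
  statistic: "Sum";
  dimensions: { WebACL: string; Region: string; Rule: string };
}

// Rule "ALL" is the web-ACL-wide aggregate; a per-rule series uses the
// metricName set in that rule's visibilityConfig.
function wafMetric(
  webAclName: string,
  region: string,
  action: WafAction,
  ruleMetricName = "ALL",
): WafMetricQuery {
  return {
    namespace: "AWS/WAFV2",
    metricName: action,
    statistic: "Sum",
    dimensions: { WebACL: webAclName, Region: region, Rule: ruleMetricName },
  };
}

// The three series a dashboard widget needs: allowed, blocked and counted.
function wafAclMetrics(webAclName: string, region: string, ruleMetricName = "ALL"): WafMetricQuery[] {
  const actions: WafAction[] = ["AllowedRequests", "BlockedRequests", "CountedRequests"];
  return actions.map((a) => wafMetric(webAclName, region, a, ruleMetricName));
}

// Sums for one period. A counted request keeps being evaluated and is finally
// reported as allowed or blocked too, so "counted" is shown alongside rather
// than added into the total.
interface WafDatapoint { allowed: number; blocked: number; counted: number }

function blockedRatio(p: WafDatapoint): number | undefined {
  const total = p.allowed + p.blocked;
  return total === 0 ? undefined : p.blocked / total;
}

type AlarmState = "OK" | "ALARM" | "INSUFFICIENT_DATA";

// ALARM when at least datapointsToAlarm of the last evaluationPeriods
// datapoints exceed the threshold, mirroring CloudWatch's M-of-N evaluation.
function evaluateBlockedRatioAlarm(
  points: WafDatapoint[],
  threshold: number,
  evaluationPeriods: number,
  datapointsToAlarm: number,
): AlarmState {
  const window = points.slice(-evaluationPeriods);
  if (window.length < evaluationPeriods) return "INSUFFICIENT_DATA";
  const breaching = window.filter((p) => {
    const r = blockedRatio(p);
    return r !== undefined && r > threshold;
  }).length;
  return breaching >= datapointsToAlarm ? "ALARM" : "OK";
}

// Constructed sample: five 5-minute periods; the last three show a surge of
// blocked requests, the kind of change a dashboard and alarm should surface.
const sampleDatapoints: WafDatapoint[] = [
  { allowed: 980, blocked: 20, counted: 5 },
  { allowed: 990, blocked: 10, counted: 3 },
  { allowed: 700, blocked: 300, counted: 40 },
  { allowed: 650, blocked: 350, counted: 55 },
  { allowed: 600, blocked: 400, counted: 60 },
];

function demo(): AlarmState {
  const metrics = wafAclMetrics("example-web-acl", "us-east-1"); // placeholder names
  for (const m of metrics) {
    console.log(`${m.namespace} ${m.metricName} ${JSON.stringify(m.dimensions)}`);
  }
  // 2-of-3 recent periods above a 25% block ratio is enough to alarm here.
  return evaluateBlockedRatioAlarm(sampleDatapoints, 0.25, 3, 2);
}

demo();
```

The same WafMetricQuery fields map one-to-one onto a CDK cloudwatch.Metric (namespace, metricName, statistic, dimensionsMap), so a construct could produce them per ACL or per rule metricName; the ratio alarm is the check a team would typically want on top of the raw allowed/blocked series, since absolute block counts scale with traffic.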

echeung-amzn commented 2 years ago

Basic support was added in #89. It'd be best to create a new issue detailing enhancements in more depth if desired.