Monitoring tools - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Monitoring tools

Amazon provides various tools that you can use to monitor Amazon WAF and Amazon Shield Advanced. You can configure some of these tools to do the monitoring for you, while other tools require manual intervention. We recommend that you automate monitoring tasks as much as possible.

Automated monitoring tools

You can use the following automated monitoring tools to watch Amazon WAF and Amazon Shield Advanced and report when something is wrong:

  • Web ACL traffic overview dashboards – Access summaries of the web traffic that a web ACL evaluates by going to the web ACL's page in the Amazon WAF console and opening the Traffic overview tab.

    The traffic overview dashboards provide near real-time summaries of the Amazon CloudWatch metrics that Amazon WAF collects when it evaluates your application web traffic. You can see summaries for all of your web traffic and for traffic evaluated by the intelligent threat mitigation rule groups.

    For more information, see Web ACL traffic overview dashboards or go to the dashboards in the console.

  • Amazon CloudWatch Alarms – Watch a single metric over a time period you specify, and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods. The action is a notification sent to an Amazon Simple Notification Service (Amazon SNS) topic or Amazon EC2 Auto Scaling policy. Alarms invoke actions for sustained state changes only. CloudWatch alarms will not invoke actions simply because they are in a particular state; the state must have changed and been maintained for a specified number of periods. For more information, see Monitoring CloudFront Activity Using CloudWatch.

    CloudWatch metrics and alarms are not enabled for Amazon Firewall Manager.

    In addition to monitoring the Amazon WAF and Shield Advanced metrics described in Monitoring with Amazon CloudWatch, you should also use CloudWatch to monitor activity on the resources that your web ACLs protect (for example, CloudFront distributions, Application Load Balancers, and API Gateway APIs). For more information, see the following:

  • Amazon CloudWatch Logs – Monitor, store, and access your log files from Amazon CloudTrail or other sources. For more information, see What is Amazon CloudWatch Logs?.

  • Amazon CloudWatch Events (now Amazon EventBridge) – Automate your Amazon services and respond automatically to system events. Events from Amazon services are delivered to CloudWatch Events in near real time, and you can specify automated actions to take when an event matches a rule that you write. For more information, see What is Amazon CloudWatch Events?

  • Amazon CloudTrail Log Monitoring – Share log files between accounts, monitor CloudTrail log files in real time by sending them to CloudWatch Logs, write log-processing applications in Java, and validate that your log files have not changed after delivery by CloudTrail. For more information, see Logging API calls with Amazon CloudTrail and Working with CloudTrail Log Files in the Amazon CloudTrail User Guide.

  • Amazon Config – View the configuration of Amazon resources in your Amazon account, including how the resources are related to one another and how they were configured in the past so that you can see how the configurations and relationships change over time.
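The CloudWatch alarm bullet above describes two things a practitioner needs to get right: which Amazon WAF metric and dimensions to alarm on, and the fact that an alarm action fires on a sustained state change rather than on every period in which the alarm is in ALARM. The following Python is an added example, not code from the Amazon documentation. It builds the `put_metric_alarm` parameters for a web ACL's `BlockedRequests` metric (the `AWS/WAFV2` namespace and the `WebACL`, `Region` and `Rule` dimensions are the real ones; the web ACL name, Region and SNS topic ARN are assumptions) and replays constructed per-period values through a simplified model of CloudWatch's "M out of N" evaluation so you can see in which periods a notification would actually be sent.

```python
"""Added example, not from the Amazon documentation: build the request for a
CloudWatch alarm on a web ACL's BlockedRequests metric and replay constructed
metric values through a simplified model of CloudWatch's "M out of N" alarm
evaluation, to show that actions fire on state changes, not on every period."""

from typing import Dict, List, Tuple

# Namespace, metric and dimension names that Amazon WAF (WAFV2) publishes.
WAF_NAMESPACE = "AWS/WAFV2"


def blocked_requests_alarm_params(web_acl_name: str, region: str, sns_topic_arn: str,
                                  threshold: float, evaluation_periods: int = 3,
                                  datapoints_to_alarm: int = 2) -> Dict:
    """Return keyword arguments for boto3's cloudwatch.put_metric_alarm().

    Rule="ALL" selects the metric for the whole web ACL rather than one rule.
    Use Region="Global" for a web ACL that protects a CloudFront distribution.
    The web ACL name, Region and SNS topic ARN are the caller's assumptions.
    """
    if not 1 <= datapoints_to_alarm <= evaluation_periods:
        raise ValueError("DatapointsToAlarm must be between 1 and EvaluationPeriods")
    return {
        "AlarmName": f"waf-{web_acl_name}-blocked-requests",
        "Namespace": WAF_NAMESPACE,
        "MetricName": "BlockedRequests",
        "Dimensions": [
            {"Name": "WebACL", "Value": web_acl_name},
            {"Name": "Region", "Value": region},
            {"Name": "Rule", "Value": "ALL"},
        ],
        "Statistic": "Sum",
        "Period": 300,                       # seconds; one data point per 5 minutes
        "EvaluationPeriods": evaluation_periods,
        "DatapointsToAlarm": datapoints_to_alarm,
        "Threshold": threshold,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",  # no traffic at all is not a breach
        "AlarmActions": [sns_topic_arn],
        "OKActions": [sns_topic_arn],        # also tell the on-call when it clears
    }


def simulate_alarm(datapoints: List[float], threshold: float, evaluation_periods: int,
                   datapoints_to_alarm: int) -> List[Tuple[int, str, bool]]:
    """Simplified model of CloudWatch alarm evaluation (assumes no missing data).

    After each period the alarm is ALARM if at least datapoints_to_alarm of the
    last evaluation_periods values breach the threshold, otherwise OK. An action
    fires only when the state differs from the previous period's state.
    Returns one (period_index, state, action_fired) tuple per period.
    """
    state = "OK"
    history: List[Tuple[int, str, bool]] = []
    for i, _ in enumerate(datapoints):
        window = datapoints[max(0, i - evaluation_periods + 1): i + 1]
        breaching = sum(1 for v in window if v > threshold)
        new_state = "ALARM" if breaching >= datapoints_to_alarm else "OK"
        history.append((i, new_state, new_state != state))
        state = new_state
    return history


def action_periods(history: List[Tuple[int, str, bool]]) -> List[int]:
    """Indexes of the periods in which CloudWatch would send an SNS notification."""
    return [i for i, _, fired in history if fired]


if __name__ == "__main__":
    # Constructed BlockedRequests sums per 5-minute period: one isolated spike,
    # then two consecutive breaching periods, then the traffic subsides.
    samples = [10, 500, 20, 30, 600, 700, 50, 40, 20]
    hist = simulate_alarm(samples, threshold=100, evaluation_periods=3, datapoints_to_alarm=2)
    for i, state, fired in hist:
        print(f"period {i}: value={samples[i]:>4} state={state:<5} notify={fired}")
    print("notifications sent in periods:", action_periods(hist))  # [5, 7]
```

With the sample values the single spike in period 1 never reaches ALARM because only one of the last three data points breaches; the alarm enters ALARM in period 5 (one notification), stays in ALARM through period 6 without another notification, and sends one more when it returns to OK in period 7. Pass the returned dictionary to `boto3.client("cloudwatch").put_metric_alarm(**params)` to create the alarm; for a rate-based or managed rule, set the `Rule` dimension to that rule's metric name instead of `ALL`.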

Manual monitoring tools

Another important part of monitoring Amazon WAF and Amazon Shield Advanced involves manually monitoring those items that the CloudWatch alarms don't cover. You can view the Amazon WAF, Shield Advanced, CloudWatch, and other Amazon Web Services Management Console dashboards to see the state of your Amazon environment. We recommend that you also check the log files for your web ACLs and rules.

  • For example, to view the Amazon WAF dashboard:

    • On the Requests tab of the Amazon WAF Web ACLs page, view a graph of total requests and requests that match each rule that you have created. For more information, see Viewing a sample of web requests.

  • View the CloudWatch home page for the following:

    • Current alarms and status

    • Graphs of alarms and resources

    • Service health status

    In addition, you can use CloudWatch to do the following:

    • Create customized dashboards to monitor the services that you care about.

    • Graph metric data to troubleshoot issues and discover trends.

    • Search and browse all of your Amazon resource metrics.

    • Create and edit alarms to be notified of problems.
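The manual monitoring section above recommends checking the log files for your web ACLs and rules. A dashboard graph shows totals, but the per-request log records are where you answer the questions an operator actually has: which rule terminated each request, which client is producing the blocks, and what the rules you are running in COUNT mode would have done. The following Python is an added example, not code from the Amazon documentation. The log records are constructed for the example and trimmed to the fields the script uses; the field names (`terminatingRuleId`, `terminatingRuleType`, `action`, `nonTerminatingMatchingRules`, `httpRequest.clientIp`) follow the documented Amazon WAF log format.

```python
"""Added example, not from the Amazon documentation: triage of web ACL log
records in the newline-delimited JSON format Amazon WAF delivers."""

import json
from collections import Counter
from typing import Dict, List

# Constructed sample records, trimmed to the fields used below. Real records carry
# the full documented field set (webaclId, httpSourceName, ruleGroupList, ...).
SAMPLE_LOG = """
{"timestamp":1700000000000,"terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"198.51.100.7","country":"US","uri":"/","httpMethod":"GET"}}
{"timestamp":1700000001000,"terminatingRuleId":"RateLimitLogin","terminatingRuleType":"RATE_BASED","action":"BLOCK","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.9","country":"NL","uri":"/login","httpMethod":"POST"}}
{"timestamp":1700000002000,"terminatingRuleId":"RateLimitLogin","terminatingRuleType":"RATE_BASED","action":"BLOCK","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.9","country":"NL","uri":"/login","httpMethod":"POST"}}
{"timestamp":1700000003000,"terminatingRuleId":"AWS-AWSManagedRulesCommonRuleSet","terminatingRuleType":"MANAGED_RULE_GROUP","action":"BLOCK","nonTerminatingMatchingRules":[],"httpRequest":{"clientIp":"203.0.113.9","country":"NL","uri":"/search","httpMethod":"GET"}}
{"timestamp":1700000004000,"terminatingRuleId":"Default_Action","terminatingRuleType":"REGULAR","action":"ALLOW","nonTerminatingMatchingRules":[{"ruleId":"SQLiCountRule","action":"COUNT"}],"httpRequest":{"clientIp":"192.0.2.44","country":"DE","uri":"/items","httpMethod":"GET"}}
"""


def parse_records(text: str) -> List[Dict]:
    """Parse newline-delimited JSON log records; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def actions_by_rule(records: List[Dict]) -> Counter:
    """Count requests per (action, terminating rule): what the web ACL actually did."""
    return Counter((r["action"], r["terminatingRuleId"]) for r in records)


def blocked_clients(records: List[Dict]) -> Counter:
    """Count BLOCK decisions per client IP to spot a single noisy source."""
    return Counter(r["httpRequest"]["clientIp"] for r in records if r["action"] == "BLOCK")


def count_mode_matches(records: List[Dict]) -> Counter:
    """Count matches of rules running in COUNT mode.

    These requests were not blocked; the counts tell you what a rule would do
    before you switch its action to BLOCK, so review them for false positives.
    """
    hits: Counter = Counter()
    for r in records:
        for m in r.get("nonTerminatingMatchingRules", []):
            if m.get("action") == "COUNT":
                hits[m["ruleId"]] += 1
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("decisions:", dict(actions_by_rule(recs)))
    print("blocked per client:", dict(blocked_clients(recs)))
    print("COUNT-mode matches:", dict(count_mode_matches(recs)))
```

Run it against real records by reading the log objects (for example, from the Amazon S3 bucket or CloudWatch Logs log group you configured as the web ACL's logging destination) instead of `SAMPLE_LOG`. The `count_mode_matches` summary is the one to look at before you change a rule from COUNT to BLOCK: a rule that matches legitimate traffic in the log will block that traffic once its action changes.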