Logging and monitoring in Amazon WAF
This section explains how to use Amazon tools for monitoring and responding to events in Amazon WAF.
Monitoring is an important part of maintaining the reliability, availability, and performance of Amazon WAF and your Amazon solutions. You should collect monitoring data from all parts of your Amazon solution so that you can more easily debug a multi-point failure if one occurs. Amazon provides several tools for monitoring your Amazon WAF resources and responding to potential events:
- Amazon CloudWatch alarms
Using CloudWatch alarms, you watch a single metric over a time period that you specify. If the metric exceeds a given threshold, CloudWatch sends a notification to an Amazon SNS topic or Amazon Auto Scaling policy. For more information, see Monitoring with Amazon CloudWatch.
- Amazon CloudTrail logs
CloudTrail provides a record of actions taken by a user, role, or an Amazon service in Amazon WAF. Using the information collected by CloudTrail, you can determine the request that was made to Amazon WAF, the IP address from which the request was made, who made the request, when it was made, and additional details. For more information, see Logging API calls with Amazon CloudTrail.
- Amazon WAF web ACL traffic logging
Amazon WAF offers logging for the traffic that your web ACLs analyze. The logs include information such as the time that Amazon WAF received the request from your protected Amazon resource, detailed information about the request, and the action setting for the rule that the request matched. For more information, see Logging Amazon WAF web ACL traffic.