Viewing metrics for your web ACL - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Viewing metrics for your web ACL

After you've associated a web ACL with one or more Amazon resources, you can view the resulting metrics for the association in an Amazon CloudWatch graph.

For information about Amazon WAF metrics, see Amazon WAF metrics and dimensions. For information about CloudWatch metrics, see the Amazon CloudWatch User Guide.

For each of your rules in a web ACL and for all the requests that an associated resource forwards to Amazon WAF for a web ACL, CloudWatch lets you do the following:

  • View data for the preceding hour or preceding three hours.

  • Change the interval between data points.

  • Change the calculation that CloudWatch performs on the data, such as maximum, minimum, average, or sum.

Note

Amazon WAF with CloudFront is a global service and metrics are available only when you choose the US East (N. Virginia) Region in the Amazon Web Services Management Console. If you choose another Region, no Amazon WAF metrics will appear in the CloudWatch console.

To view data for the rules in a web ACL

  1. Sign in to the Amazon Web Services Management Console and open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/.

  2. If necessary, change the Region to the one where your Amazon resources are located. For CloudFront, choose the US East (N. Virginia) Region.

  3. In the navigation pane, under Metrics, choose All metrics and then search under the Browse tab for AWS::WAFV2.

  4. Select the check box for the web ACL that you want to view data for.

  5. Change the applicable settings:

    Statistic

    Choose the calculation that CloudWatch performs on the data.

    Time range

    Choose whether you want to view data for the preceding hour or the preceding three hours.

    Period

    Choose the interval between data points in the graph.

    Rules

    Choose the rules for which you want to view data.

    Note

    If you change the name of a rule and you want the rule's metric name to reflect the change, you must update the metric name as well. Amazon WAF doesn't automatically update the metric name for a rule when you change the rule name. You can change the metric name when you edit the rule in the console, by using the rule JSON editor. You can also change both names through the APIs and in any JSON listing that you use to define your web ACL or rule group.

    Note the following:

    • If you recently associated a web ACL with an Amazon resource, you might need to wait a few minutes for data to appear in the graph and for the metric for the web ACL to appear in the list of available metrics.

    • If you associate more than one resource with a web ACL, the CloudWatch data will include requests for all of them.

    • You can hover the cursor over a data point to get more information.

    • The graph doesn't refresh itself automatically. To update the display, choose the refresh ( Icon to refresh the CloudWatch graph ) icon.

For more information about CloudWatch metrics, see Monitoring with Amazon CloudWatch.