Skip to main content
Version: NG-3.1

AWS WAF

Introduction

Amazon WAF (Web Application Firewall) is a service provided by Amazon Web Services that helps protect web applications from common web exploits and attacks that could affect application availability, compromise security, or consume excessive resources.

Getting Started

Compatibility

vuSmartMaps can be deployed and monitored in Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync.

Data Collection Method

vuSmartMaps collects AWS WAF metrics through a data collector deployed within the vuSmartMaps platform, which uses cloudwatch to retrieve performance and health metrics.

Prerequisites

Dependent Configuration

To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.

Inputs for Configuring Data Source

  • WAF Data Source Name: Enter a unique name for this AWS WAF Source.
  • AWS Region: AWS Region where the instance of this component is running. For eg: Asia Pacific (Mumbai), the region would be ap-south-1.
  • AWS Credential: AWS credential that provides Access key and Secret key to access Cloudwatch.
  • Period (in minutes): Specifies the interval in minutes at which data is collected. Data collection occurs once every specified period. The period should be between 1 - 60 minutes.
Applications

Firewall Requirement

To collect data from this O11ySource, ensure the following ports are opened:

Source IPDestination IPDestination PortProtocolDirection
vuSmartMaps Collection/Ingress node IPService URL443*TCPOutbound

*Before providing the firewall requirements, please update the port based on the customer environment.

Configuring the Target

Health and Performance metrics of AWS WAF is collected through CloudWatch service. So AWS CloudWatch services must be enabled in your AWS account.

An IAM role or user with the following permissions to access CloudWatch metrics:

  • cloudwatch:GetMetricData
  • cloudwatch:ListMetrics

Configuration Steps

Metrics Collected

NameDescriptionData Type
TimestampTimestamp at which metrics are collected from source.DateTime64
AllowedRequestsThe number of web requests that the AWS WAF allowed.UInt64
BlockedRequestsThe number of web requests that the AWS WAF blocked.UInt64
CountedRequestsThe number of web requests that the AWS WAF counted.UInt64
PassedRequestsThe number of web requests that passed through the AWS WAF.UInt64
CaptchaRequestsThe number of web requests that had CAPTCHA controls applied.UInt64
RequestsWithValidCaptchaTokenThe number of web requests that had CAPTCHA controls applied and that had a valid CAPTCHA token.UInt64
CaptchasAttemptedThe number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge.UInt64
CaptchasSolvedThe number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle.UInt64
ChallengeRequestsThe number of web requests that had challenge controls applied.UInt64
RequestsWithValidChallengeTokenThe number of web requests that had challenge controls applied and that had a valid challenge token.UInt64
RegionThe AWS region where instance is running.LowCardinality(String)
WebACLThe name of AWS WebACLString
RuleWeb application firewall (WAF) rules are used to define how to inspect HTTP/HTTPS web traffic (requests) to an application, where and what parameters and conditions to look for in the request, and what action the WAF should take when a request matches those definitionsString
Tenant IDTenant IDLowCardinality(String)
BU IDBU IDLowCardinality(String)
DocTypeDocument type of WAFLowCardinality(String)