AWS WAF
Introduction
Amazon WAF (Web Application Firewall) is a service provided by Amazon Web Services that helps protect web applications from common web exploits and attacks that could affect application availability, compromise security, or consume excessive resources.
Getting Started
Compatibility
vuSmartMaps can be deployed and monitored in Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync.
Data Collection Method
vuSmartMaps collects AWS WAF metrics through a data collector deployed within the vuSmartMaps platform, which uses cloudwatch to retrieve performance and health metrics.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.
Inputs for Configuring Data Source
- WAF Data Source Name: Enter a unique name for this AWS WAF Source.
- AWS Region: AWS Region where the instance of this component is running. For eg: Asia Pacific (Mumbai), the region would be ap-south-1.
- AWS Credential: AWS credential that provides Access key and Secret key to access Cloudwatch.
- Period (in minutes): Specifies the interval in minutes at which data is collected. Data collection occurs once every specified period. The period should be between 1 - 60 minutes.
Applications
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
| Source IP | Destination IP | Destination Port | Protocol | Direction |
|---|---|---|---|---|
| vuSmartMaps Collection/Ingress node IP | Service URL | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and Performance metrics of AWS WAF is collected through CloudWatch service. So AWS CloudWatch services must be enabled in your AWS account.
An IAM role or user with the following permissions to access CloudWatch metrics:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
Configuration Steps
Metrics Collected
| Name | Description | Data Type |
|---|---|---|
| Timestamp | Timestamp at which metrics are collected from source. | DateTime64 |
| AllowedRequests | The number of web requests that the AWS WAF allowed. | UInt64 |
| BlockedRequests | The number of web requests that the AWS WAF blocked. | UInt64 |
| CountedRequests | The number of web requests that the AWS WAF counted. | UInt64 |
| PassedRequests | The number of web requests that passed through the AWS WAF. | UInt64 |
| CaptchaRequests | The number of web requests that had CAPTCHA controls applied. | UInt64 |
| RequestsWithValidCaptchaToken | The number of web requests that had CAPTCHA controls applied and that had a valid CAPTCHA token. | UInt64 |
| CaptchasAttempted | The number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge. | UInt64 |
| CaptchasSolved | The number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle. | UInt64 |
| ChallengeRequests | The number of web requests that had challenge controls applied. | UInt64 |
| RequestsWithValidChallengeToken | The number of web requests that had challenge controls applied and that had a valid challenge token. | UInt64 |
| Region | The AWS region where instance is running. | LowCardinality(String) |
| WebACL | The name of AWS WebACL | String |
| Rule | Web application firewall (WAF) rules are used to define how to inspect HTTP/HTTPS web traffic (requests) to an application, where and what parameters and conditions to look for in the request, and what action the WAF should take when a request matches those definitions | String |
| Tenant ID | Tenant ID | LowCardinality(String) |
| BU ID | BU ID | LowCardinality(String) |
| DocType | Document type of WAF | LowCardinality(String) |
