AWS WAF
Introduction
Amazon WAF (Web Application Firewall) is a service provided by Amazon Web Services that helps protect web applications from common web exploits and attacks that could affect application availability, compromise security, or consume excessive resources.
Getting Started
Compatibility
vuSmartMaps can be deployed and monitored in Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync.
Data Collection Method
vuSmartMaps collects health and performance data for AWS WAF using VuNet's Internal Data Collector.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.
Inputs for Configuring Data Source
- WAF Data Source Name: Data source name to uniquely identify the source.
- AWS Region: AWS Region where the instance of this component is running. For example, for Asia Pacific (Mumbai), the region would be ap-south-1.
- AWS Credential: AWS credential that provides the Access key and Secret key to access CloudWatch.
- Period (in minutes): Specifies the interval in minutes at which data is collected. Data collection occurs once every specified period. The period should be between 1 and 60 minutes.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
Source IP | Destination IP | Destination Port | Protocol | Direction |
---|---|---|---|---|
vuSmartMaps IP | AWS CloudWatch IPs | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and performance metrics of AWS WAF are collected through the CloudWatch service, so AWS CloudWatch must be enabled in your AWS account.
An IAM role or user with the following permissions is required to access CloudWatch metrics:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
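One way to check that the credential handed to the collector grants exactly these two permissions and nothing broader. This is an added example, not vuSmartMaps or AWS code; the function name `audit_collector_policy` and the sample policies are hypothetical and constructed for illustration.

```python
import fnmatch

# Permissions the page lists for the collector's IAM role or user.
REQUIRED = ("cloudwatch:GetMetricData", "cloudwatch:ListMetrics")

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; * and ? are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def audit_collector_policy(policy):
    """Return (missing, excess) for an identity-based policy document.
    Deny statements and Condition blocks are not evaluated (assumption:
    a plain allow-list policy attached only to the collector identity).
    """
    granted, excess = set(), set()
    exact = {a.lower() for a in REQUIRED}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except those listed.
            excluded = _as_list(stmt["NotAction"])
            excess.add("NotAction")
            granted |= {a for a in REQUIRED
                        if not any(_matches(p, a) for p in excluded)}
            continue
        for pattern in _as_list(stmt.get("Action")):
            granted |= {a for a in REQUIRED if _matches(pattern, a)}
            if pattern.lower() not in exact:
                excess.add(pattern)  # wildcard or unrelated action
    return sorted(set(REQUIRED) - granted), sorted(excess)

# Constructed sample policies (not from the page).
LEAST_PRIVILEGE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics"]}]}
OVER_BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": ["cloudwatch:*", "wafv2:*"]}}
INCOMPLETE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*", "Action": "cloudwatch:getmetricdata"}]}

if __name__ == "__main__":
    for name in ("LEAST_PRIVILEGE", "OVER_BROAD", "INCOMPLETE"):
        print(name, audit_collector_policy(globals()[name]))
```

An empty `missing` list with an empty `excess` list means the policy matches the permissions listed above; any entry in `excess` is a grant the collector does not need.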
Configuration Steps
- Enable the O11ySource.
- Select the sources tab and press the + button to add a new instance that has to be monitored.
- Provide the required configurations:
  - *WAF Data Source Name
  - *AWS Region
  - *Credential
  - *Period
- Click Save to close the data source window.
Metrics Collected
Name | Description | Data Type |
---|---|---|
Timestamp | Timestamp at which metrics are collected from source. | DateTime64 |
AllowedRequests | The number of web requests that the AWS WAF allowed. | UInt64 |
BlockedRequests | The number of web requests that the AWS WAF blocked. | UInt64 |
CountedRequests | The number of web requests that the AWS WAF counted. | UInt64 |
PassedRequests | The number of web requests that passed through the AWS WAF. | UInt64 |
CaptchaRequests | The number of web requests that had CAPTCHA controls applied. | UInt64 |
RequestsWithValidCaptchaToken | The number of web requests that had CAPTCHA controls applied and that had a valid CAPTCHA token. | UInt64 |
CaptchasAttempted | The number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge. | UInt64 |
CaptchasSolved | The number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle. | UInt64 |
ChallengeRequests | The number of web requests that had challenge controls applied. | UInt64 |
RequestsWithValidChallengeToken | The number of web requests that had challenge controls applied and that had a valid challenge token. | UInt64 |
Region | The AWS region where the instance is running. | LowCardinality(String) |
WebACL | The name of the AWS WebACL. | String |
Rule | Web application firewall (WAF) rules are used to define how to inspect HTTP/HTTPS web traffic (requests) to an application, where and what parameters and conditions to look for in the request, and what action the WAF should take when a request matches those definitions | String |
Tenant ID | Tenant ID | LowCardinality(String) |
BU ID | BU ID | LowCardinality(String) |
DocType | Document type of WAF | LowCardinality(String) |