View this page in Japanese (日本語)
This repository provides CloudFormation templates to quickly set up CloudWatch Dashboard for AWS WAF. This template will allow you to get started more quickly by giving deployable prebuilt CloudWatch dashboards with commonly observed metrics and CloudWatch logs insights. You can add additional metrics depending on the WAF rule set you are using on AWS WAF.
If you have not yet created WebACL and CloudWatch Logs, you can use the CloudFormation template here to create a WebACL and enable CloudWatch logging.
To do the installation, click the Launch Stack button below or copy the template file from this repository (/cloudformation/) to a local folder, then open the AWS console in the CloudFormation service, click Create Stack, select with new resources, then in the Template source section select Upload a template file, click Choose file and choose the file you copied to your local folder.
In the next screen, set a name for the stack (it will use as the dashboard name) and fill in the required parameters, CloudWatch Log name, WAF region and WebACL name. Then click Next, and click Create stack on the last screen.
When the deployment process is complete, we can access the CloudWatch dashboard via its URL. You can find it in the Outputs tab of AWS CloudFormation:
The dashboard template provides multiple graphs and queries for you that are available out-of-the-box.
Example
Dashboard template includes the following widgets:
- Allowed vs Blocked Requests
- All Counted Requests
- Bot requests vs Non-bot requests (Require Bot control rule group)
- Percentage of Bot requests (Require Bot control rule group)
- Top Terminating Rules
- Top Countries
- Top User-agents
- Top IP Addresses
- Top Counted URIs
- Top Blocked URIs
- Top IP addresses and URI combination for all the Blocked requests (Use Contributor insights)
- Counted Requests Logs
- Blocked Requests Logs
- Logs Insights Query Form (Use Custom widget)
Please customize it according to the WAF rules you are using.
Below templates will create a Lambda function for the CloudWatch Logs insights query custom widget
Below templates will create a contributor insights rule to get the top IP addresses and URI combination.
The cost of this dashboard depends on the following factors :
- CloudWatch Logs ingest size
- CloudWatch Logs store size
- Number of CloudWatch Logs insights queries
- CloudWatch Logs insights query data ranges
- Number of Lambda invocations (If you use the custom widget)
- Contributor Insights Rule and Matched Log Events (If you use Contributor Insights)
Please see the CloudWatch pricing page to estimate the dashboard cost.