Additional metric targets retrievable through linking with AWS WAF integration

Hello, this is Nishiyama (id:tukaelu), CRE from the Mackerel team.

As mentioned in the title, we have added new metric targets that can be retrieved through linking with AWS WAF integration.

If you are using WAF for monitoring, it may have an impact on your usage fee due to changing microhosts. Please see below for details.

Contents of Specification Change

Support for managed rule monitoring

Until now, we have not supported managed rules monitoring, which is provided in AWS Marketplace, but in response to requests, we are now also supporting managed rules monitoring.

When using managed rules, if the IAM policy used for AWS integration has AWSWAFReadOnlyAccess attached to it, or if the waf:ListSubscribedRuleGroups, waf-regional:ListSubscribedRuleGroups actions are valid, additional metrics related to managed rules can now be retrieved.

New metrics have been added

The additional metrics below can now be retrieved.

Metric Metric name in Mackerel
RequestsWithValidCaptchaToken waf.web_acl_requests.#.valid_captcha_token
CaptchaRequests waf.web_acl_requests.#.captcha

For details regarding the metrics, please refer to the AWS documentation

Impact of the Specification Change

With this specification change, the maximum number of retrieved metrics will change as follows:

  • Current
    • Maximum of 4 × (number of rules) + 4<"ALL">
  • After the change
    • Maximum of 6 x (number of rules) + 6<"ALL">

The metrics retrieved from the AWS integration can be selected as desired through the configuration. They are retrieved by default, so please use an appropriate configuration based on your needs.