AWS WAFV2: Limits
|Distribution:||official part of Check_MK|
This check monitors limits for Web Application Firewalls (V2). Per
region, the check reports the number of Web Access Control Lists (ACLs),
the number of rule groups, the number of IP sets and the number of
regex sets. Furthermore, the check monitors the used Web ACL capacity
units (WCUs) per Web ACL.
To make this check work, you have to configure the related special
agent Amazon Web Services (AWS). Note that when configuring the agent,
there is the option to include Web ACLs in front of CloudFront resources
in the monitoring.
Default levels are set to 80, 90 percent and the default max. value is
set to the default limit provided by AWS, ie.:
- Web ACLs per region: 100
- Rule groups per region: 100
- IP sets per region: 100
- Regex sets per region: 100
- WCUs per Web ACL: 1,500
These levels are configurable using the WATO rule "AWS/WAFV2 Limits".
Note that if limits are enabled, all Web ACLs are fetched, regardless
of possibly configured restrictions to names or tags.
One service is created per monitored AWS region.