AWS::WAFv2::WebACL VisibilityConfig
Defines and enables Amazon CloudWatch metrics and web request sample collection.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "CloudWatchMetricsEnabled" :
Boolean
, "MetricName" :String
, "SampledRequestsEnabled" :Boolean
}
YAML
CloudWatchMetricsEnabled:
Boolean
MetricName:String
SampledRequestsEnabled:Boolean
Properties
CloudWatchMetricsEnabled
-
Indicates whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see AWS WAF Metrics in the AWS WAF Developer Guide.
For web ACLs, the metrics are for web requests that have the web ACL default action applied. AWS WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information, see The web ACL default action in the AWS WAF Developer Guide.
Required: Yes
Type: Boolean
Update requires: No interruption
MetricName
-
A name of the Amazon CloudWatch metric dimension. The name can contain only the characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128 characters long. It can't contain whitespace or metric names that are reserved for AWS WAF, for example
All
andDefault_Action
.Required: Yes
Type: String
Minimum:
1
Maximum:
128
Update requires: No interruption
SampledRequestsEnabled
-
Indicates whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
Note
Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
Required: Yes
Type: Boolean
Update requires: No interruption