AWS solutions documentation change
Summary
Updated formatting and added a heading for the CloudFront dashboard screenshot in monitoring documentation
Security assessment
The changes involve formatting improvements and adding a heading for a screenshot. While the content discusses security monitoring, the changes themselves do not add or modify security-related information.
Diff
diff --git a/solutions/latest/security-automations-for-aws-waf/build-monitoring-dashboard.md index ab3bb87ca..5858f86c9 100644 --- a/solutions/latest/security-automations-for-aws-waf/build-monitoring-dashboard.md +++ b/solutions/latest/security-automations-for-aws-waf/build-monitoring-dashboard.md @@ -7 +7 @@ -AWS recommends that you configure a custom baseline monitoring system for each critical endpoint. For information on creating and using customized metric views, refer to [CloudWatch Dashboards – Create & Use Customized Metrics Views](https://aws.amazon.com/blogs/aws/cloudwatch-dashboards-create-use-customized-metrics-views/) and [Using Amazon CloudWatch dashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html). +AWS recommends that you configure a custom baseline monitoring system for each critical endpoint. For information on creating and using customized metric views, refer to [CloudWatch Dashboards - Create & Use Customized Metrics Views](https://aws.amazon.com/blogs/aws/cloudwatch-dashboards-create-use-customized-metrics-views/) and [Using Amazon CloudWatch dashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html). @@ -11 +11,3 @@ The following dashboard screenshot shows an example of a custom baseline monitor - +**Screenshot of CloudFront dashboard** + + @@ -15 +17 @@ The dashboard displays the following metrics: - * **Allowed vs Blocked Requests** – Shows if you receive a surge in allowed access (twice the normal peak access) or blocked access (any period that identifies more than 1K blocked requests). CloudWatch sends an alert to a Slack channel. You can use this metric to track known DDoS attacks (when blocked requests increase) or a new version of an attack (when the requests are allowed to access the system). + * **Allowed vs Blocked Requests** \- Shows if you receive a surge in allowed access (twice the normal peak access) or blocked access (any period that identifies more than 1K blocked requests). CloudWatch sends an alert to a Slack channel. You can use this metric to track known DDoS attacks (when blocked requests increase) or a new version of an attack (when the requests are allowed to access the system). @@ -21 +23 @@ The dashboard displays the following metrics: - * **BytesDownloaded vs Uploaded** – Helps identify when a DDoS attack targets a service that normally doesn’t receive a large amount of access to exhaust resources (for example, search engine component sending MBs of information for one specific request parameters set). + * **BytesDownloaded vs Uploaded** \- Helps identify when a DDoS attack targets a service that normally doesn’t receive a large amount of access to exhaust resources (for example, search engine component sending MBs of information for one specific request parameters set). @@ -23 +25 @@ The dashboard displays the following metrics: - * **ELB Spillover and Queue length** – Helps verify if a DDoS attack is causing damage to the infrastructure and the attacker is bypassing CloudFront or the AWS WAF layer, and attacking directly unprotected resources. + * **ELB Spillover and Queue length** \- Helps verify if a DDoS attack is causing damage to the infrastructure and the attacker is bypassing CloudFront or the AWS WAF layer, and attacking directly unprotected resources. @@ -25 +27 @@ The dashboard displays the following metrics: - * **ELB Request Count** – Helps identify damage to the infrastructure. This metric shows if the attacker is bypassing the protection layer, or if you should review a CloudFront cache rule to increase the cache hit rate. + * **ELB Request Count** \- Helps identify damage to the infrastructure. This metric shows if the attacker is bypassing the protection layer, or if you should review a CloudFront cache rule to increase the cache hit rate. @@ -27 +29 @@ The dashboard displays the following metrics: - * **ELB Healthy Host** – You can use this as another system health check metric. + * **ELB Healthy Host** \- You can use this as another system health check metric. @@ -29 +31 @@ The dashboard displays the following metrics: - * **ASG CPU Utilization** – Helps identify if the attacker is bypassing CloudFront, AWS WAF, and Elastic Load Balancing. You can also use this metric to identify the damage of an attack. + * **ASG CPU Utilization** \- Helps identify if the attacker is bypassing CloudFront, AWS WAF, and Elastic Load Balancing. You can also use this metric to identify the damage of an attack.