
AWS Edge Services - Analytics
Get deep insights about the traffic patterns of web applications, to harden WAF protections, tune delivery performance or improve your SEO ranking.
- Standard logs, which can be shipped to S3, CloudWatch Logs and Kinesis Data Firehose destinations within minutes. It's configured at distribution level, and does not incur CloudFront charges, but can incur charges for the delivery, ingestion, storage or access, depending on the log delivery destination that you select.
- Real Time logs, which are delivered to Kinesis Data Stream within seconds with an additional charge of $0.01 for every 1 Million log records. It's configured at cache behaviors with possibility for sampling, and it provides more log fields.
- Shipping to S3, usually used for archival requirements.
- Shipping to CloudWatch logs, usually used for security analysis with CloudWatch Log insights.
- Shipping to Kinesis Firehose, usually used for security analysis with tools such as OpenSearch or 3rd party SIEMs.
- CloudWatch Logs Insights: This feature allows you to interactively search and analyze WAF logs. It provides default queries to help identify security incidents and false positives, and you can create custom queries as needed.
- CloudWatch Contributor Insights: This feature helps create dashboards to identify top contributors to your traffic, such as top IP addresses, URIs, and user-agents, providing ongoing analysis capabilities
- Amazon Athena can be used to query WAF logs stored in Amazon S3. This service allows for complex analysis of traffic patterns, detection of false positives or negatives, and identification of new attack signatures
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.