
AWS Edge Services - Monitoring
Monitoring application delivery helps you detect unusual events and respond to them appropriately.
- CloudFront emits the following metrics: Requests, Bytes downloaded, Bytes uploaded, 4xx error rate, 5xx error rate and Total error rate. Note that these metrics are available in the us-east-1 region since CloudFront is a global service. For an extra cost, you can enable additional metrics such as cache hit rate, origin latency and error rate for specific status codes.
- CloudFront Functions emits the following metrics in the us-east-1 region: invocations, validation errors, execution errors, compute utilization and throttles.
- Lambda@Edge is based on AWS Lambda and, as such, emits a subset of its metrics, such as invocations, errors, duration, concurrent executions and throttles. In contrast with CloudFront Functions, Lambda@Edge emits metrics in each region where it is executed by CloudFront. The CloudFront console offers a consolidated view of these metrics across all regions.
- AWS WAF emits the following metrics: allowed requests, blocked requests, counted requests, requests verified with Captcha, requests verified by a challenge, etc. Each metric can be measured with a level of granularity such as by WebACL, rule, country, device, etc. Note that AWS WAF metrics are available in the us-east-1 region when the WebACL is applied to CloudFront.
- Shield Advanced emits metrics for detected DDoS attacks, such as attack bits per second, packets per second, and requests per second.
You can create a CloudWatch dashboard based on the above metrics emitted by AWS Edge Services, even if the metrics are spread across multiple regions and accounts. The example below is a security dashboard based on metrics emitted by AWS WAF rules.
- Configuring metric filters on logs sent to CloudWatch Logs. For example, you can configure your CloudFront Function to log the occurrences of requests with a certain query string, and use a metric filter to count these occurrences.
- Processing CloudFront and WAF logs sent to Kinesis using Lambda to emit custom metrics. Consider this example implementation.
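As an added example (not code from the original page), here is the first item above as a CloudFront Function: it logs one marker line whenever a watched query string parameter is present, so that a CloudWatch Logs metric filter can count the occurrences. The parameter name `debug`, the marker `QS_WATCH` and the sample event are assumptions constructed for illustration.

```javascript
// CloudFront Function for the viewer-request event (added example).
// WATCHED_PARAM and MARKER are hypothetical names chosen for this sketch.
var WATCHED_PARAM = 'debug';
var MARKER = 'QS_WATCH';
var MAX_VALUE_LEN = 64;

// Request data is attacker-controlled: keep a conservative character set
// and cap the length so it cannot forge extra fields or log lines.
function sanitize(value) {
    return String(value).replace(/[^A-Za-z0-9._~\/-]/g, '_').slice(0, MAX_VALUE_LEN);
}

// Returns the log line for a request carrying the watched parameter, else null.
function watchLogLine(request) {
    var qs = request.querystring || {};
    if (!Object.prototype.hasOwnProperty.call(qs, WATCHED_PARAM)) {
        return null;
    }
    var entry = qs[WATCHED_PARAM];
    // Repeated parameters are listed in entry.multiValue.
    var count = entry.multiValue ? entry.multiValue.length : 1;
    return [
        MARKER,
        'param=' + WATCHED_PARAM,
        'count=' + count,
        'value=' + sanitize(entry.value),
        'uri=' + sanitize(request.uri)
    ].join(' ');
}

function handler(event) {
    var line = watchLogLine(event.request);
    if (line !== null) {
        // A metric filter with the term pattern "QS_WATCH" on the
        // function's log group counts one occurrence per logged line.
        console.log(line);
    }
    return event.request; // pass the request through unchanged
}

// Constructed sample event, shaped like a viewer-request event.
var sampleEvent = { request: {
    method: 'GET',
    uri: '/login',
    querystring: { debug: { value: '1%0Afake line',
        multiValue: [{ value: '1%0Afake line' }, { value: '2' }] } },
    headers: {}, cookies: {}
} };
handler(sampleEvent);
```

Because the function only logs when the parameter is present and the value is sanitized onto a single line, the metric filter count stays at one per matching request regardless of what the client sends.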
Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.