Check-Manual von aws_wafv2_limits

AWS WAFV2: Limits

Distribution Official part of Checkmk
Lizenz GPLv2
Unterstützte Agenten Aws
This check monitors limits for Web Application Firewalls (V2). Per region, the check reports the number of Web Access Control Lists (ACLs), the number of rule groups, the number of IP sets and the number of regex sets. Furthermore, the check monitors the used Web ACL capacity units (WCUs) per Web ACL.

To make this check work, you have to configure the related special agent Amazon Web Services (AWS). Note that when configuring the agent, there is the option to include Web ACLs in front of CloudFront resources in the monitoring.

Default levels are set to 80, 90 percent and the default max. value is set to the default limit provided by AWS, ie.:

- Web ACLs per region: 100

- Rule groups per region: 100

- IP sets per region: 100

- Regex sets per region: 100

- WCUs per Web ACL: 1,500

These levels are configurable using the WATO rule "AWS/WAFV2 Limits".

Note that if limits are enabled, all Web ACLs are fetched, regardless of possibly configured restrictions to names or tags.


One service is created per monitored AWS region.