Step 4: Configure Amazon SNS notifications and Amazon CloudWatch alarms - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

Step 4: Configure Amazon SNS notifications and Amazon CloudWatch alarms

You can continue from this step without configuring Amazon SNS notifications or CloudWatch alarms. However, configuring these alarms and notifications significantly increases your visibility into possible DDoS events.

You can monitor your protected resources for potential DDoS activity using Amazon SNS. To receive notification of possible attacks, create an Amazon SNS topic for each Region.

To create an Amazon SNS topic in Firewall Manager (console)
  1. Sign in to the AWS Management Console using your Firewall Manager administrator account, and then open the Firewall Manager console at https://console.aws.amazon.com/wafv2/fmsv2.

    Note

    For information about setting up a Firewall Manager administrator account, see AWS Firewall Manager prerequisites.

  2. In the navigation pane, under AWS FMS, choose Settings.

  3. Choose Create new topic.

  4. Enter a topic name.

  5. Enter an email address that the Amazon SNS messages will be sent to, and then choose Add email address.

  6. Choose Update SNS configuration.

Configure Amazon CloudWatch alarms

Shield Advanced records detection, mitigation, and top contributor metrics in CloudWatch that you can monitor. For more information, see AWS Shield Advanced metrics. CloudWatch incurs additional costs. For CloudWatch pricing, see Amazon CloudWatch Pricing.

To create a CloudWatch alarm, follow the instructions in Using Amazon CloudWatch Alarms. By default, Shield Advanced configures CloudWatch to alert you after just one indicator of a potential DDoS event. If needed, you can use the CloudWatch console to change this setting to alert you only after multiple indicators are detected.
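The console steps above (creating the SNS topic and email subscription, then the CloudWatch alarm whose sensitivity you can raise from one indicator to several) can also be scripted. The following is an added example written for this page, not AWS's own code or a script from the documentation. It assumes the AWS CLI is installed and has credentials for the Shield Advanced account; the Region, protected resource ARN, alert address and topic name are placeholders. It uses the Shield Advanced `DDoSDetected` metric in the `AWS/DDoSProtection` namespace with the `ResourceArn` dimension. The alarm definition is built by a function so it can be reviewed without calling AWS; the live calls run only when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not AWS documentation code): create an SNS topic with an email
# subscriber and a CloudWatch alarm on the Shield Advanced DDoSDetected metric.
# All values below are placeholders; override them in the environment.
REGION="${REGION:-us-east-1}"                         # Shield metrics for CloudFront/Route 53 are in us-east-1
PROTECTED_ARN="${PROTECTED_ARN:-arn:aws:cloudfront::111122223333:distribution/EXAMPLEID}"
ALERT_EMAIL="${ALERT_EMAIL:-security-oncall@example.com}"
TOPIC_NAME="${TOPIC_NAME:-shield-ddos-alerts}"
# 1 matches the Shield Advanced default (alarm after a single indicator).
# Raise it to require several consecutive one-minute indicators before alerting.
EVALUATION_PERIODS="${EVALUATION_PERIODS:-1}"

# Emit the JSON for `aws cloudwatch put-metric-alarm --cli-input-json`.
#   $1 alarm name   $2 protected resource ARN   $3 SNS topic ARN   $4 evaluation periods
# DDoSDetected is 1 while an event is in progress, so "Sum > 0 over 60 s" is one indicator.
alarm_json() {
  printf '{
  "AlarmName": "%s",
  "AlarmDescription": "Shield Advanced detected a possible DDoS event on the protected resource",
  "Namespace": "AWS/DDoSProtection",
  "MetricName": "DDoSDetected",
  "Dimensions": [{"Name": "ResourceArn", "Value": "%s"}],
  "Statistic": "Sum",
  "Period": 60,
  "EvaluationPeriods": %s,
  "DatapointsToAlarm": %s,
  "Threshold": 0,
  "ComparisonOperator": "GreaterThanThreshold",
  "TreatMissingData": "notBreaching",
  "AlarmActions": ["%s"]
}
' "$1" "$2" "$4" "$4" "$3"
}

# Reject evaluation-period values that are not positive integers before calling AWS.
valid_periods() {
  case "$1" in
    ''|*[!0-9]*|0*) return 1 ;;
    *) return 0 ;;
  esac
}

if [ "${APPLY:-0}" = "1" ]; then
  valid_periods "$EVALUATION_PERIODS" || { echo "EVALUATION_PERIODS must be a positive integer" >&2; exit 1; }
  # Step 1: topic plus email subscription (the recipient must confirm the subscription email).
  TOPIC_ARN=$(aws sns create-topic --region "$REGION" --name "$TOPIC_NAME" \
              --query TopicArn --output text)
  aws sns subscribe --region "$REGION" --topic-arn "$TOPIC_ARN" \
      --protocol email --notification-endpoint "$ALERT_EMAIL"
  # Step 2: alarm that notifies the topic when Shield Advanced flags the resource.
  alarm_json "shield-ddos-detected" "$PROTECTED_ARN" "$TOPIC_ARN" "$EVALUATION_PERIODS" > /tmp/shield-alarm.json
  aws cloudwatch put-metric-alarm --region "$REGION" --cli-input-json file:///tmp/shield-alarm.json
fi
```

Run it once without `APPLY=1` and pipe `alarm_json` output through your JSON linter of choice to review the definition; with `EVALUATION_PERIODS=3` the alarm needs three consecutive one-minute datapoints with `DDoSDetected` above zero, which is the "multiple indicators" setting the text describes. `TreatMissingData` is set to `notBreaching` because the metric is only emitted while an event is active.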

Note

In addition to the alarms, you can also use a CloudWatch dashboard to monitor potential DDoS activity. The dashboard collects and processes raw data from Shield Advanced into readable, near real-time metrics. You can use statistics in Amazon CloudWatch to gain a perspective on how your web application or service is performing. For more information, see What is CloudWatch in the Amazon CloudWatch User Guide.

For instructions about creating a CloudWatch dashboard, see Monitoring with Amazon CloudWatch. For information about specific Shield Advanced metrics that you can add to your dashboard, see AWS Shield Advanced metrics.