Performance - Dynamic Object and Rule Extensions for AWS Network Firewall

Performance

The Dynamic Object and Rule Extensions for AWS Network Firewall solution offers near real-time resolution of AWS resources encapsulated by custom defined objects. However, it is important to note that the resolution time is a function of the total number of distinct objects referenced across all rules within the rule group. As the number of referenced objects increases, the resolution time also increases linearly, as shown in the graph below.

Figure: Rule group resolution time with respect to the number of distinct objects referenced (rule group resolution using the Dynamic Object and Rule Extensions for AWS Network Firewall solution).

To ensure performance of the solution, the capacity of the rule group identified by the configured rule group ARN must be set accordingly. We recommend setting the rule group capacity to at least 15,000.
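A small audit of that capacity recommendation, written as an added example and not part of the solution's code base: it reads the `RuleGroupResponse` objects returned by `aws network-firewall describe-rule-group` (or boto3's `describe_rule_group`) and flags rule groups whose `Capacity` is below 15,000 or cannot be read. The sample responses embedded below are constructed for illustration (the ARNs, names and region are invented); in a real check the dicts would come from the API.

```python
"""Audit AWS Network Firewall rule groups against the solution's
recommended minimum capacity of 15,000.

Added example, not code from the solution. It consumes the
RuleGroupResponse shape returned by `describe-rule-group`; the sample
responses at the bottom are constructed and not real resources.
"""

RECOMMENDED_MIN_CAPACITY = 15000  # from the solution's performance guidance


def rule_group_capacity(describe_response):
    """Return (name, capacity) from one DescribeRuleGroup response.

    Capacity is an integer inside RuleGroupResponse. A missing or
    malformed value is returned as None so the caller surfaces it
    instead of silently treating the rule group as adequately sized.
    """
    rg = describe_response.get("RuleGroupResponse", {})
    name = rg.get("RuleGroupName", rg.get("RuleGroupArn", "<unknown>"))
    capacity = rg.get("Capacity")
    # bool is a subclass of int in Python; exclude it explicitly.
    if isinstance(capacity, bool) or not isinstance(capacity, int):
        return name, None
    return name, capacity


def undersized_rule_groups(describe_responses, minimum=RECOMMENDED_MIN_CAPACITY):
    """Return a name-sorted list of (name, capacity) for every rule group
    whose capacity is below `minimum` or could not be read (capacity None)."""
    findings = []
    for resp in describe_responses:
        name, capacity = rule_group_capacity(resp)
        if capacity is None or capacity < minimum:
            findings.append((name, capacity))
    return sorted(findings, key=lambda f: f[0])


# Constructed sample responses: the shape matches DescribeRuleGroup output,
# the values are invented (111122223333 is AWS's documentation example account).
SAMPLE_RESPONSES = [
    {"RuleGroupResponse": {
        "RuleGroupArn": "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/example-dynamic-rg",
        "RuleGroupName": "example-dynamic-rg", "Type": "STATEFUL", "Capacity": 15000}},
    {"RuleGroupResponse": {
        "RuleGroupArn": "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/example-small-rg",
        "RuleGroupName": "example-small-rg", "Type": "STATEFUL", "Capacity": 1000}},
    {"RuleGroupResponse": {
        "RuleGroupArn": "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/example-broken-rg",
        "RuleGroupName": "example-broken-rg", "Type": "STATEFUL"}},  # Capacity missing
]

if __name__ == "__main__":
    for name, capacity in undersized_rule_groups(SAMPLE_RESPONSES):
        shown = "unreadable" if capacity is None else capacity
        print(f"{name}: capacity {shown} is below the recommended {RECOMMENDED_MIN_CAPACITY}")
```

Rule group capacity cannot be changed after creation, so this check is most useful before pointing the solution at a rule group ARN; an undersized group has to be recreated with the larger capacity rather than resized in place.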