CloudWatch metrics commonly used for health checks with Shield Advanced - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

CloudWatch metrics commonly used for health checks with Shield Advanced

This section lists the Amazon CloudWatch metrics that are commonly used in health checks to measure application health during distributed denial of service (DDoS) events. For full information about the CloudWatch metrics for each resource type, see the list that follows the table.

Metrics used to monitor application health

Resource Metric Description

Route 53

HealthCheckStatus

The status of the health check endpoint.

CloudFront

5xxErrorRate

The percentage of all requests for which the HTTP status code is 5xx. This indicates an attack that's impacting the application.

Application Load Balancer

HTTPCode_ELB_5XX_Count

The number of HTTP 5xx client error codes generated by the load balancer.

Application Load Balancer

RejectedConnectionCount

The number of connections that were rejected because the load balancer reached its maximum number of connections.

Application Load Balancer

TargetConnectionErrorCount

The number of connections that were not successfully established between the load balancer and the target.

Application Load Balancer

TargetResponseTime

The time elapsed in seconds after the request leaves the load balancer and when it receives a response from the target.

Application Load Balancer

UnHealthyHostCount

The number of targets that are considered unhealthy.

Amazon EC2

CPUUtilization

The percentage of allocated EC2 compute units that are currently in use.

Amazon CloudWatch metrics for each resource type

For additional information about the metrics that are available for your protected resources, see the following sections in the resource guides: