Company
Date Published
Author
Mallory Mooney
Word count
3952
Language
English
Hacker News points
None

Summary

AWS WAF is a managed web application firewall that monitors network traffic to secure the boundaries between applications and the public internet, protecting elements of the AWS architecture such as Amazon API Gateways, load balancers, and Amazon CloudFront distributions. Monitoring AWS WAF activity is essential for assessing how well it manages incoming request traffic and broad-scale attacks from threat actors and bots. The firewall generates standard request metrics as well as metrics for its built-in CAPTCHA, challenge, and bot control components. These metrics show how effective web ACLs, rule groups, rules, and rule actions are, allowing administrators to detect misconfigurations and identify potential security threats. AWS WAF offers various types of rule statements, including match, logical, rate-based, and rule group statements, which evaluate incoming requests against a pre-configured set of criteria. Each rule group also generates labels, which can be used to fine-tune metrics monitoring. Activity logs capture information about the requests processed by web ACLs, while audit logs record any activity associated with user updates or access to web ACL information. Because monitoring AWS WAF activity is crucial for ensuring application security, administrators should review specific scenarios such as top IP addresses, countries, user-agents, hosts, and web ACLs to identify signs of broad-scale malicious activity.