
Logging Rule for AWS WAFv2 Web ACLs

This rule focuses on enabling logging for AWS WAFv2 regional and global web access control lists.

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: FedRAMP Low Revision 4
Severity: Low

Rule Description:

This rule requires that logging is enabled on AWS WAFv2 regional and global web access control lists (ACLs) for FedRAMP Low Revision 4 compliance. Logging plays a crucial role in monitoring and detecting potential security threats and can provide valuable insights for incident response and compliance audits.

Troubleshooting Steps:

  1. Verify WAFv2 Configuration: Check if WAFv2 is correctly configured in your AWS account.
  2. Check Logging Configuration: Ensure that logging is enabled for regional and global web ACLs.
  3. Review IAM Permissions: Confirm that the IAM role associated with your WAFv2 ACLs has the necessary permissions to write logs to the desired destination.
  4. Verify Log Delivery: Ensure that the logs are delivered to the intended logging destination, such as CloudWatch Logs or an S3 bucket.

Necessary Code:

No specific code is required for this rule. However, you might need to execute the necessary AWS CLI commands to enable logging on your WAFv2 regional and global web ACLs.

Remediation Steps:

Follow the step-by-step guide below to enable logging on AWS WAFv2 regional and global web ACLs:

Step 1: Access AWS Management Console

  1. Open the AWS Management Console and navigate to the AWS WAF service.

Step 2: Select Web ACL

  1. Select the regional or global web ACL for which you want to enable logging.

Step 3: Enable Logging

  1. In the selected web ACL, go to the "Logging and Metrics" tab.
  2. Click on the "Edit" button.

Step 4: Choose Logging Destination

  1. Select the desired logging destination, such as CloudWatch Logs or an S3 bucket.
  2. Provide the necessary details for the chosen logging destination, like the log group name for CloudWatch Logs or the S3 bucket path.

Step 5: Enable Logging

  1. Enable logging by switching the toggle or checkbox to the "On" position.
  2. Save the changes.

Step 6: Verify Logging

  1. Validate that the logging is enabled and the logs are being delivered to the designated logging destination.
  2. Perform periodic checks to ensure the logs are being generated as expected.

Following these steps will enable logging on the specified AWS WAFv2 regional and global web ACLs, helping to achieve compliance with the FedRAMP Low Revision 4 requirements.
