
Enable Logging Rule for AWS WAFv2 Web ACLs

Ensure logging is enabled on AWS WAFv2 regional and global web access control list (ACLs)

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: FedRAMP Moderate Revision 4
Severity: Low

Rule Description:

Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs) for FedRAMP Moderate Revision 4. This ensures that all relevant web traffic is recorded and can be reviewed for security analysis, compliance audits, and incident response purposes.

Troubleshooting Steps:

  1. Ensure you have the necessary permissions to enable logging on AWS WAFv2 ACLs.
  2. Check if the ACLs are properly configured and associated with your web resources.
  3. Verify if you have access to the AWS Management Console or command-line interface (CLI) to make the necessary changes.

Necessary Codes:

There are no specific codes provided for this rule. However, you will need to use AWS CLI commands to enable logging on the regional and global web ACLs.

Step-by-step Guide for Remediation:

  1. Open the AWS Management Console or access the AWS CLI.

  2. For Regional ACLs:

    Using the AWS Management Console:

    • Navigate to the AWS WAFv2 service.
    • Select "Web ACLs" in the left-hand navigation panel.
    • Choose the regional ACL you want to enable logging for.
    • Click on the "Logging" tab.
    • Enable the logging option and provide the necessary details such as the S3 bucket where logs should be stored.
    • Save the changes.

    Using AWS CLI:

    • Run the following command to enable logging for a regional ACL (the web ACL ARN is passed inside the logging configuration as ResourceArn, and the S3 bucket name must begin with aws-waf-logs-):
      aws wafv2 put-logging-configuration \
        --logging-configuration '{ "ResourceArn": "<REGIONAL_ACL_ARN>", "LogDestinationConfigs": ["<S3_BUCKET_ARN>"] }'

  3. For Global ACLs:

    Using the AWS Management Console:

    • Navigate to the AWS WAFv2 service.
    • Select "Web ACLs" in the left-hand navigation panel.
    • Choose the global ACL you want to enable logging for.
    • Click on the associated regional ACL link under "Regional Settings".
    • In the regional ACL details page, follow the steps mentioned above for enabling logging on regional ACLs.
    • Save the changes.

    Using AWS CLI:

    • Run the following command to enable logging for a global ACL (global web ACLs are scoped to CloudFront and are managed from us-east-1, so the region must be set to us-east-1):
      aws wafv2 put-logging-configuration --region us-east-1 \
        --logging-configuration '{ "ResourceArn": "<GLOBAL_ACL_ARN>", "LogDestinationConfigs": ["<S3_BUCKET_ARN>"] }'

  4. Verify the Changes:

    • Check the specified S3 bucket to ensure that the logs are being correctly stored.
    • Monitor the logs for any suspicious activity or irregularities.

Note: Ensure that you have appropriate permissions and replace the placeholder variables (<REGIONAL_ACL_ARN>, <S3_BUCKET_ARN>, <GLOBAL_ACL_ARN>) with the actual values specific to your environment.

By following the above steps, logging will be enabled on AWS WAFv2 regional and global web ACLs, allowing you to effectively track and analyze web traffic for FedRAMP Moderate Revision 4 compliance.
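As an added example (not part of the original rule page), the following Python audit applies this rule to the lists returned by list-web-acls and list-logging-configurations for each scope: it flags web ACLs that have no logging configuration, goes one step beyond the page by also flagging destinations whose name lacks the aws-waf-logs- prefix that WAFv2 requires, and renders the matching put-logging-configuration call. The ACL and logging data below is constructed; feed the function the real responses (from boto3 or the CLI) for both REGIONAL and CLOUDFRONT scope.

```python
import json
LOG_PREFIX = "aws-waf-logs-"  # name prefix WAFv2 requires on every log destination

def destination_ok(dest_arn: str) -> bool:
    """True if the destination is an S3 bucket, Firehose stream or CloudWatch
    log group whose name carries the mandatory aws-waf-logs- prefix."""
    parts = dest_arn.split(":", 5)
    if len(parts) < 6:
        return False
    service, resource = parts[2], parts[5]
    if service == "s3":
        return resource.startswith(LOG_PREFIX)
    if service == "firehose":
        return resource.startswith("deliverystream/" + LOG_PREFIX)
    if service == "logs":
        return resource.startswith("log-group:" + LOG_PREFIX)
    return False

def find_noncompliant(web_acls, logging_configs):
    """Map ACL ARN -> reason for every ACL that fails the rule. web_acls is the
    WebACLs list from list-web-acls; logging_configs the LoggingConfigurations list."""
    configured = {c["ResourceArn"]: c.get("LogDestinationConfigs", [])
                  for c in logging_configs}
    findings = {}
    for acl in web_acls:
        arn, dests = acl["ARN"], configured.get(acl["ARN"])
        if dests is None:
            findings[arn] = "no logging configuration"
        elif not dests or not all(destination_ok(d) for d in dests):
            findings[arn] = "log destination lacks the aws-waf-logs- prefix"
    return findings

def remediation_command(acl_arn, dest_arn):
    """Render the put-logging-configuration call that fixes one finding;
    global (CloudFront) web ACLs must be addressed in us-east-1."""
    cfg = {"ResourceArn": acl_arn, "LogDestinationConfigs": [dest_arn]}
    region = " --region us-east-1" if ":global/" in acl_arn else ""
    return (f"aws wafv2 put-logging-configuration{region} "
            f"--logging-configuration '{json.dumps(cfg)}'")

SAMPLE_ACLS = [  # constructed, in the shape list-web-acls returns (not real ARNs)
    {"Name": "api-acl", "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/api-acl/EXAMPLE1"},
    {"Name": "cdn-acl", "ARN": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/cdn-acl/EXAMPLE2"},
    {"Name": "legacy-acl", "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/legacy-acl/EXAMPLE3"},
]
SAMPLE_LOGGING = [  # api-acl is compliant; legacy-acl logs to a bucket without the prefix
    {"ResourceArn": SAMPLE_ACLS[0]["ARN"], "LogDestinationConfigs": ["arn:aws:s3:::aws-waf-logs-example-123456789012"]},
    {"ResourceArn": SAMPLE_ACLS[2]["ARN"], "LogDestinationConfigs": ["arn:aws:s3:::shared-app-bucket"]},
]
```

Running find_noncompliant(SAMPLE_ACLS, SAMPLE_LOGGING) reports cdn-acl (no configuration) and legacy-acl (bad destination name) while api-acl passes.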
