Rule: ELB Application Load Balancers with WAF Enabled

Rule Description: Enable Web Application Firewall (WAF) for ELB application load balancers in compliance with the Federal Financial Institutions Examination Council (FFIEC).

Troubleshooting Steps:

2. 1.

   Verify IAM Permissions: Ensure that the IAM user or role used to enable the WAF has the necessary permissions. The user or role should have the "AWSWAFReadOnlyAccess" or "AWSWAFFullAccess" policy attached.

4. 2.

   Check WAF Capacity: Confirm that you have sufficient WAF capacity units available in your AWS account. You can check this by navigating to the AWS WAF console and inspecting the "WAF Capacity Units" section. If there are no available units, you may need to request an increase in WAF capacity.

6. 3.

   Verify ELB Configuration: Double-check the configuration of your ELB application load balancers. Ensure that they are correctly associated with the appropriate AWS resources, such as EC2 instances or AWS Lambda functions.

8. 4.

   Review WAF Rules: Examine the WAF rules applied to your ELB. Make sure that the rules align with FFIEC requirements and adequately protect against common web application vulnerabilities, such as SQL injection or cross-site scripting attacks.

10. 5.

    Monitor WAF Logs: Monitor the WAF logs to identify any potential issues or suspicious activities. The logs can provide valuable insights into the traffic passing through the WAF and help detect and mitigate potential security threats.

Necessary Codes:

Step-by-Step Guide for Remediation:

2. 1.

   Log in to the AWS Management Console at https://console.aws.amazon.com.

4. 2.

   Navigate to the AWS WAF service by clicking on "Services" in the top menu bar and selecting "WAF & Shield."

6. 3.

   In the WAF & Shield console, select "Web ACLs" from the sidebar menu.

8. 4.

   Click on the "Create web ACL" button.

10. 5.

    Provide a name for your web ACL and an optional description to help identify it later.

12. 6.

    Select the region where your ELB application load balancers are deployed.

14. 7.

    Choose the rule group that aligns with the FFIEC requirements or create custom rules tailored to your specific needs.

16. 8.

    Define the rules within the rule group to protect against common web application vulnerabilities.

18. 9.

    Choose the action to take when a rule within the rule group is triggered. You can either allow the traffic or block requests that match the rule conditions.

20. 10.

    Click on the "Next" button to review and create the web ACL.

22. 11.

    Review the summary of your web ACL configuration and click on the "Create web ACL" button to enable the WAF.

24. 12.

    Once the web ACL is created, navigate to your ELB application load balancer settings.

26. 13.

    Click on the "Listeners" tab and select the appropriate listener.

28. 14.

    In the "Edit Listener" screen, scroll down to find the "Default actions" section.

30. 15.

    Click on the "Add action" button and select "Forward to web ACL" from the dropdown menu.

32. 16.

    Choose the web ACL you created in step 5 from the list.

34. 17.

    Click on the "Save" or "Update" button to apply the changes.

36. 18.

    Wait a few minutes for the changes to propagate and the WAF to become fully operational.