This rule ensures logging is enabled on AWS WAFv2 regional and global web access control lists.
Rule | Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs) |
Framework | NIST 800-53 Revision 5 |
Severity | ✔ Low |
Rule Description
This rule requires that logging be enabled for AWS WAFv2 regional and global web access control lists (ACLs) in order to comply with NIST 800-53 Revision 5. Enabling logging allows monitoring, analysis, and auditing of web traffic so that potential security incidents can be identified and investigated.
Troubleshooting Steps
If logging is not enabled for AWS WAFv2 regional and global web ACLs, follow the troubleshooting steps below:
Verify AWS WAFv2 configuration: Ensure that AWS WAFv2 is correctly configured for regional and global web ACLs.
Check logging settings: Review the logging settings for AWS WAFv2 regional and global web ACLs to ensure they are enabled.
Validate IAM permissions: Confirm that the IAM user or role associated with AWS WAFv2 has the necessary permissions to enable logging.
Verify resource associations: Ensure that the regional and global web ACLs are associated with the correct resources for logging.
Necessary Code Example
The example below enables logging on AWS WAFv2 regional and global web ACLs using the AWS Command Line Interface (CLI); adapt the placeholder values to your own configuration.
# Enable logging for a regional web ACL (run in the web ACL's region).
# WAFv2 logging is configured with put-logging-configuration, not update-web-acl.
# The Firehose delivery stream name must begin with "aws-waf-logs-", the ARN
# service segment is "firehose", and the web ACL ARN already encodes the scope,
# so no --scope flag is needed.
aws wafv2 put-logging-configuration \
  --region <region> \
  --logging-configuration '{
    "ResourceArn": "<regional-web-acl-arn>",
    "LogDestinationConfigs": ["arn:aws:firehose:<region>:<account-id>:deliverystream/<firehose-stream>"]
  }'

# Enable logging for a global (CloudFront) web ACL: the API call and the
# delivery stream must both be in us-east-1.
aws wafv2 put-logging-configuration \
  --region us-east-1 \
  --logging-configuration '{
    "ResourceArn": "<global-web-acl-arn>",
    "LogDestinationConfigs": ["arn:aws:firehose:us-east-1:<account-id>:deliverystream/<firehose-stream>"]
  }'

# Confirm that the logging configuration was stored.
aws wafv2 get-logging-configuration --region <region> --resource-arn <regional-web-acl-arn>
Make sure to replace <regional-web-acl-arn> and <global-web-acl-arn> with the actual ARNs of your regional and global web ACLs respectively. Also, replace <region>, <account-id>, and <firehose-stream> with the appropriate values.
Remediation Steps
To remediate the logging issue for AWS WAFv2 regional and global web ACLs, follow the step-by-step guide below:
Log in to the AWS Management Console.
Navigate to the AWS WAFv2 service.
Select the appropriate regional web ACL for which logging needs to be enabled.
Click on the "Logging" tab.
Enable logging by specifying the desired log destination, such as an Amazon Kinesis Data Firehose delivery stream.
Save the changes and exit the configuration.
Repeat steps 3-6 for the global web ACL if applicable.
Verify that logging is enabled by checking the logging settings for both regional and global web ACLs.
By following these steps, you will successfully enable logging for AWS WAFv2 regional and global web ACLs and comply with NIST 800-53 Revision 5.
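The verification step above ("check the logging settings for both regional and global web ACLs") is the check this rule actually performs. The following script is an added example, not code from the rule page or from AWS: it pages through every web ACL in both scopes, treats the WAFNonexistentItemException that get_logging_configuration raises as "logging not enabled", and offers a remediation helper that refuses delivery streams whose name lacks the required aws-waf-logs- prefix. It runs offline against a constructed FakeWafv2Client that mimics the three boto3 wafv2 calls it needs (the ARNs, names and account ID 111122223333 are sample values); real_client() switches to boto3 when it is installed. Note that the global scope is called CLOUDFRONT in the WAFv2 API and must be queried from us-east-1.

```python
"""Audit and remediate AWS WAFv2 web ACL logging (added example, offline-capable)."""
from dataclasses import dataclass, field

SCOPES = ("REGIONAL", "CLOUDFRONT")  # WAFv2 calls the global scope CLOUDFRONT
WAF_LOG_PREFIX = "aws-waf-logs-"      # required name prefix for WAF log destinations


class WAFNonexistentItemException(Exception):
    """Mirrors the botocore error raised when a web ACL has no logging configuration."""


@dataclass
class FakeWafv2Client:
    """Constructed stand-in for boto3.client('wafv2'); holds sample data, not real ACLs."""
    acls: dict                                   # scope -> list of {"Name", "ARN"}
    logging: dict                                # web ACL ARN -> list of destination ARNs
    put_calls: list = field(default_factory=list)

    def list_web_acls(self, Scope, Limit=100, NextMarker=None):
        return {"WebACLs": list(self.acls.get(Scope, []))}

    def get_logging_configuration(self, ResourceArn):
        if ResourceArn not in self.logging:
            raise WAFNonexistentItemException(ResourceArn)
        return {"LoggingConfiguration": {"ResourceArn": ResourceArn,
                                         "LogDestinationConfigs": self.logging[ResourceArn]}}

    def put_logging_configuration(self, LoggingConfiguration):
        self.put_calls.append(LoggingConfiguration)
        self.logging[LoggingConfiguration["ResourceArn"]] = LoggingConfiguration["LogDestinationConfigs"]
        return {"LoggingConfiguration": LoggingConfiguration}


def real_client(region="us-east-1"):
    """Real boto3 client (imported lazily so the module runs offline); CLOUDFRONT needs us-east-1."""
    import boto3
    return boto3.client("wafv2", region_name=region)


def list_all_web_acls(client, scope):
    """Page through list_web_acls; real responses carry NextMarker when truncated."""
    acls, marker = [], None
    while True:
        kwargs = {"Scope": scope, "Limit": 100}
        if marker:
            kwargs["NextMarker"] = marker
        resp = client.list_web_acls(**kwargs)
        acls.extend(resp.get("WebACLs", []))
        marker = resp.get("NextMarker")
        if not marker:
            return acls


def logging_enabled(client, acl_arn):
    """True when the ACL has at least one log destination; no configuration raises NonexistentItem."""
    try:
        cfg = client.get_logging_configuration(ResourceArn=acl_arn)
    except Exception as exc:  # botocore raises client.exceptions.WAFNonexistentItemException
        if type(exc).__name__ == "WAFNonexistentItemException":
            return False
        raise
    return bool(cfg["LoggingConfiguration"].get("LogDestinationConfigs"))


def audit(client):
    """Return {scope: [names of web ACLs without logging]} for both scopes."""
    return {scope: [acl["Name"] for acl in list_all_web_acls(client, scope)
                    if not logging_enabled(client, acl["ARN"])]
            for scope in SCOPES}


def remediate(client, acl_arn, firehose_arn):
    """Enable logging to a Firehose delivery stream; rejects names without the aws-waf-logs- prefix."""
    stream_name = firehose_arn.rsplit("/", 1)[-1]
    if not stream_name.startswith(WAF_LOG_PREFIX):
        raise ValueError(f"delivery stream must be named {WAF_LOG_PREFIX}*: {stream_name}")
    client.put_logging_configuration(LoggingConfiguration={
        "ResourceArn": acl_arn, "LogDestinationConfigs": [firehose_arn]})
    return logging_enabled(client, acl_arn)


def sample_client():
    """Constructed data: one regional ACL already logged, one regional and one global ACL not."""
    acct = "111122223333"
    return FakeWafv2Client(
        acls={"REGIONAL": [{"Name": "api-acl", "ARN": f"arn:aws:wafv2:us-east-1:{acct}:regional/webacl/api-acl/aaaa"},
                           {"Name": "web-acl", "ARN": f"arn:aws:wafv2:us-east-1:{acct}:regional/webacl/web-acl/bbbb"}],
              "CLOUDFRONT": [{"Name": "cdn-acl", "ARN": f"arn:aws:wafv2:us-east-1:{acct}:global/webacl/cdn-acl/cccc"}]},
        logging={f"arn:aws:wafv2:us-east-1:{acct}:regional/webacl/api-acl/aaaa":
                 [f"arn:aws:firehose:us-east-1:{acct}:deliverystream/aws-waf-logs-api"]})


if __name__ == "__main__":
    client = sample_client()           # swap for real_client() to audit a live account
    print("web ACLs without logging:", audit(client))
```

Running the module as-is reports the constructed ACLs without logging; pointing it at real_client() audits a live account, and remediate() applies the same put_logging_configuration call the CLI example above makes.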