
Enable Logging Rule for AWS WAFv2 Web ACLs

Ensure logging is enabled on AWS WAFv2 regional and global web access control lists.

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description

The rule requires that logging is enabled on every AWS WAFv2 regional and global web access control list (web ACL), in support of the audit-logging and monitoring controls of NIST 800-53 Revision 5 (for example AU-2, Event Logging, and SI-4, System Monitoring). AWS WAF logs record each request a web ACL inspects, the rules it matched and the action taken (allow, block or count), so without them there is no record of what the WAF blocked, what it let through, or whether a rule is misfiring. Logging is therefore essential for monitoring and analyzing the traffic flowing through web ACLs and for identifying security threats or suspicious activity.

Troubleshooting Steps

If logging is not already enabled on an AWS WAFv2 regional or global web ACL, follow the steps below to confirm the gap and enable logging:

  1. Verify Logging Status: In the AWS WAF console, select the web ACL. For regional web ACLs choose the Region that owns the ACL; for global (CloudFront) web ACLs switch the console to Global (CloudFront), which corresponds to the us-east-1 Region. Open the "Logging and metrics" tab and check whether a logging destination is configured.

  2. Enable Logging: If no destination is configured, enable logging:

    a. Navigate to the AWS WAF console.

    b. Select the regional or global web ACL.

    c. Open the "Logging and metrics" tab.

    d. Choose "Enable" in the Logging section.

    e. Choose the destination type (an Amazon CloudWatch Logs log group, an Amazon S3 bucket or an Amazon Kinesis Data Firehose delivery stream) and select or create the destination. The destination's name must begin with aws-waf-logs-, otherwise AWS WAF rejects the configuration. Optionally configure redacted fields and a logging filter according to your organization's requirements.

    f. Save the changes.

  3. Verify Logging Enabled: After enabling logging, verify that it is functioning correctly:

    a. Send a few requests through the protected resource and confirm that log records appear in the designated destination (for example the CloudWatch Logs log group or S3 bucket).

    b. Route the logs into your SIEM or analysis pipeline and review them regularly for blocked requests, rule matches and anomalies.

Necessary Codes

No specific codes are required for this rule.

Remediation Steps

To remediate the issue and enable logging on AWS WAFv2 regional and global web ACLs, follow the step-by-step guide below:

  1. Open AWS WAF Console: Go to the AWS Management Console and open the AWS WAF & Shield service.

  2. Navigate to the Web ACL: Select the regional or global web ACL to enable logging on. For global (CloudFront) web ACLs, switch the console to Global (CloudFront), which corresponds to the us-east-1 Region.

  3. Access Logging Settings: Open the "Logging and metrics" tab in the web ACL's configuration.

  4. Enable Logging: Choose "Enable" in the Logging section.

  5. Configure Logging Settings: Choose the destination for the logs (an Amazon CloudWatch Logs log group, an Amazon S3 bucket or an Amazon Kinesis Data Firehose delivery stream). The destination's name must begin with aws-waf-logs-. AWS WAF always writes JSON records; the remaining options are which request fields to redact from the log (for example specific headers such as cookies or authorization tokens) and an optional logging filter that keeps or drops records by rule action.

  6. Save Changes: Save the changes by clicking on the "Save" button.

  7. Verify Logging: Monitor the selected log destination (e.g., CloudWatch Logs or S3 bucket) to ensure that log records for the web ACL are being delivered. On the API side, GetLoggingConfiguration returns the configuration once logging is enabled and fails with WAFNonexistentItemException while it is not.

By following these steps, you will enable logging on AWS WAFv2 regional and global web ACLs, helping you meet the NIST 800-53 Revision 5 logging and monitoring controls and giving you the request-level records needed to investigate attacks against the protected resources.
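The console procedure above (and the troubleshooting steps earlier on this page) does not scale to accounts with many web ACLs, so here is an added example, written for this page and not Cloud Defense's or AWS's own code, that audits every regional or CloudFront web ACL through the wafv2 API and optionally enables logging where it is missing. It relies on three real AWS behaviours: GetLoggingConfiguration fails with WAFNonexistentItemException when no logging is configured, CloudFront-scoped web ACLs are only visible to the API in us-east-1, and log destination names must begin with aws-waf-logs-. It assumes boto3 is installed with credentials allowed to call wafv2:ListWebACLs, wafv2:GetLoggingConfiguration and wafv2:PutLoggingConfiguration. EXAMPLE_LOG_GROUP_ARN, the account ID and the FakeWafv2 client are constructed for illustration so the logic can be exercised offline.

```python
from typing import Iterator, Optional

DESTINATION_PREFIX = "aws-waf-logs-"  # AWS WAF requires this prefix on every log destination name

# Constructed destination ARN (a CloudWatch Logs log group) for the offline demo.
EXAMPLE_LOG_GROUP_ARN = "arn:aws:logs:us-east-1:123456789012:log-group:aws-waf-logs-example"


def region_for_scope(scope: str, default_region: str) -> str:
    """Global (CloudFront) web ACLs are only reachable through the wafv2 API in us-east-1."""
    return "us-east-1" if scope == "CLOUDFRONT" else default_region


def destination_name(arn: str) -> str:
    """Extract the resource name from an S3, CloudWatch Logs or Kinesis Data Firehose ARN."""
    resource = arn.split(":", 5)[5]             # arn:partition:service:region:account:RESOURCE
    if resource.startswith("log-group:"):       # log-group:NAME or log-group:NAME:*
        return resource.split(":")[1]
    if resource.startswith("deliverystream/"):  # deliverystream/NAME
        return resource.split("/", 1)[1]
    return resource                             # arn:aws:s3:::NAME


def check_destination(arn: str) -> None:
    """Reject a destination AWS WAF would refuse: its name must start with aws-waf-logs-."""
    if not destination_name(arn).startswith(DESTINATION_PREFIX):
        raise ValueError(f"{arn}: log destination name must begin with {DESTINATION_PREFIX}")


def iter_web_acls(client, scope: str) -> Iterator[dict]:
    """Page through ListWebACLs using NextMarker."""
    kwargs = {"Scope": scope, "Limit": 100}
    while True:
        page = client.list_web_acls(**kwargs)
        yield from page.get("WebACLs", [])
        if not page.get("NextMarker"):
            return
        kwargs["NextMarker"] = page["NextMarker"]


def logging_enabled(client, web_acl_arn: str) -> bool:
    """GetLoggingConfiguration raises WAFNonexistentItemException when logging is not configured."""
    try:
        cfg = client.get_logging_configuration(ResourceArn=web_acl_arn)
    except Exception as exc:  # botocore's ClientError keeps the service error code in .response
        if getattr(exc, "response", {}).get("Error", {}).get("Code") == "WAFNonexistentItemException":
            return False
        raise
    return bool(cfg["LoggingConfiguration"].get("LogDestinationConfigs"))


def audit(client, scope: str, destination_arn: Optional[str] = None) -> dict:
    """Return {web ACL name: logging enabled}; with destination_arn, enable logging where missing."""
    results = {}
    for acl in iter_web_acls(client, scope):
        enabled = logging_enabled(client, acl["ARN"])
        if not enabled and destination_arn:
            check_destination(destination_arn)
            client.put_logging_configuration(LoggingConfiguration={
                "ResourceArn": acl["ARN"], "LogDestinationConfigs": [destination_arn]})
            enabled = logging_enabled(client, acl["ARN"])  # re-read instead of assuming success
        results[acl["Name"]] = enabled
    return results


class FakeClientError(Exception):
    """Shaped like botocore.exceptions.ClientError so logging_enabled() can inspect .response."""
    def __init__(self, code: str):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeWafv2:
    """Constructed stand-in for boto3.client('wafv2'); acls maps name -> destination ARN or None."""
    def __init__(self, acls: dict):
        self.acls = acls

    def list_web_acls(self, Scope: str, Limit: int = 100, NextMarker: Optional[str] = None) -> dict:
        kind = "global" if Scope == "CLOUDFRONT" else "regional"
        return {"WebACLs": [{"Name": n, "ARN": f"arn:aws:wafv2:us-east-1:123456789012:{kind}/webacl/{n}/0"}
                            for n in self.acls]}

    def get_logging_configuration(self, ResourceArn: str) -> dict:
        dest = self.acls[ResourceArn.rsplit("/", 2)[-2]]
        if dest is None:
            raise FakeClientError("WAFNonexistentItemException")
        return {"LoggingConfiguration": {"ResourceArn": ResourceArn, "LogDestinationConfigs": [dest]}}

    def put_logging_configuration(self, LoggingConfiguration: dict) -> dict:
        name = LoggingConfiguration["ResourceArn"].rsplit("/", 2)[-2]
        self.acls[name] = LoggingConfiguration["LogDestinationConfigs"][0]
        return {"LoggingConfiguration": LoggingConfiguration}


def main() -> None:
    import sys
    import boto3  # imported here so the audit logic above also runs where boto3 is absent
    scope = sys.argv[1] if len(sys.argv) > 1 else "REGIONAL"
    dest = sys.argv[2] if len(sys.argv) > 2 else None  # pass a destination ARN to remediate
    default = boto3.session.Session().region_name or "us-east-1"
    client = boto3.client("wafv2", region_name=region_for_scope(scope, default))
    for name, ok in audit(client, scope, dest).items():
        print(f"{'PASS' if ok else 'FAIL'} {scope} web ACL {name}")


if __name__ == "__main__":
    main()
```

Run it as `python waf_logging_audit.py REGIONAL` in each Region you use, and once as `python waf_logging_audit.py CLOUDFRONT` (the script pins that call to us-east-1); adding a destination ARN as the second argument turns the audit into remediation. The audit re-reads the configuration after PutLoggingConfiguration rather than trusting the call, which is the same "verify logging" step the console procedure ends with.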
