Logging Rule for AWS WAFv2 Web ACL

This rule mandates enabling logging on AWS WAFv2 regional and global web access control lists.

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: NIST 800-53 Revision 5
Severity: Low

AWS WAFv2 Logging for NIST 800-53 Revision 5 Compliance

Rule Description

This rule ensures that logging is enabled on AWS WAFv2 regional and global web access control lists (ACLs) to adhere to the NIST 800-53 Revision 5 compliance requirements. Enabling logging provides visibility into web traffic and allows for effective monitoring and analysis of potential security incidents.

Troubleshooting Steps

  1. Verify the AWS WAFv2 regional and global web ACLs:
     • Ensure that both regional and global ACLs exist for the desired AWS resources.
     • Confirm that the ACLs are associated with the appropriate resources, such as Amazon CloudFront distributions or Application Load Balancers.
  2. Enable logging on the web ACLs:
     • Navigate to the AWS WAFv2 console.
     • Select the desired web ACL (either regional or global).
     • Go to the Logging tab.
     • Check whether logging is already enabled. If not, follow these steps to enable it:
       • Choose "Edit logging configuration" and enable logging for the desired target, such as Amazon Kinesis Data Firehose or Amazon S3.
       • Configure the necessary settings, including the destination bucket or stream, prefix, and IAM roles.
  3. Verify the logging settings:
     • Ensure that logs are being delivered to the desired destination, for example an S3 bucket or a Kinesis Data Firehose stream.
     • Verify the accessibility and permissions of the logging destination.

Necessary Codes

No specific codes are required for this rule. The steps provided above are sufficient for enabling logging on AWS WAFv2 regional and global web ACLs.

Remediation Steps

To remediate the issue:

  1. Log in to the AWS Management Console.
  2. Navigate to the AWS WAFv2 service.
  3. Select the desired regional or global web ACL.
  4. Switch to the Logging tab.
  5. If logging is already enabled, no further action is required. If not, follow the steps below.
  6. Click on "Edit logging configuration."
  7. Choose the desired target for logging, such as Amazon Kinesis Data Firehose or Amazon S3.
  8. Configure the necessary settings for the logging destination, including the bucket/stream name, prefix, and IAM roles.
  9. Save the configuration changes.
  10. Verify that the logs are being delivered to the desired destination.
  11. Validate the accessibility and permissions of the logging destination.

By following these steps, you will enable logging on AWS WAFv2 regional and global web ACLs, ensuring compliance with NIST 800-53 Revision 5 requirements.
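The same check and remediation can be carried out programmatically, which is what an auditor would typically do across many accounts. The script below is an added example and is not part of the original page or of Cloud Defense's rule implementation. It enumerates every web ACL in both the REGIONAL and CLOUDFRONT scopes (the CLOUDFRONT scope must be queried in us-east-1), reports ACLs that have no logging configuration (the WAFv2 API signals this with a WAFNonexistentItemException), and can attach a logging destination with put_logging_configuration. It is written against the boto3 "wafv2" client calls list_web_acls, get_logging_configuration and put_logging_configuration, but ships with a constructed fake client and placeholder ARNs (account id 123456789012, the ACL names, and the aws-waf-logs-example-central bucket are all made up) so it runs offline; for real use, replace the fakes with boto3.client("wafv2", region_name=...).

```python
"""Audit, and optionally remediate, logging on AWS WAFv2 web ACLs.

Added example (not the page's own code). Assumption: `client` behaves like
boto3.client("wafv2"); a constructed FakeWafv2Client is included so the
script runs offline without AWS credentials.
"""

# WAFv2 accepts Kinesis Data Firehose streams, S3 buckets and CloudWatch log
# groups as destinations, and requires their names to start with this prefix.
REQUIRED_DEST_PREFIX = "aws-waf-logs-"


def _error_code(exc):
    """Extract the AWS error code from a botocore ClientError-like exception."""
    return getattr(exc, "response", {}).get("Error", {}).get("Code", "")


def list_web_acls(client, scope):
    """Return every web ACL summary in a scope, following NextMarker pagination."""
    acls, kwargs = [], {"Scope": scope}
    while True:
        page = client.list_web_acls(**kwargs)
        acls.extend(page.get("WebACLs", []))
        marker = page.get("NextMarker")
        if not marker:
            return acls
        kwargs["NextMarker"] = marker


def logging_destinations(client, acl_arn):
    """Return the configured log destinations for an ACL ([] if logging is off)."""
    try:
        cfg = client.get_logging_configuration(ResourceArn=acl_arn)
    except Exception as exc:
        if _error_code(exc) == "WAFNonexistentItemException":
            return []  # no logging configuration exists for this ACL
        raise
    return list(cfg["LoggingConfiguration"].get("LogDestinationConfigs", []))


def audit(clients):
    """clients maps scope -> client ({"REGIONAL": ..., "CLOUDFRONT": us-east-1 client}).
    Returns (scope, name, arn) for every ACL that has no logging configuration."""
    findings = []
    for scope, client in clients.items():
        for acl in list_web_acls(client, scope):
            if not logging_destinations(client, acl["ARN"]):
                findings.append((scope, acl["Name"], acl["ARN"]))
    return findings


def enable_logging(client, acl_arn, destination_arn):
    """Remediate one ACL by attaching a log destination; returns the new destinations."""
    # Last path/colon component of the ARN is the bucket, stream or log-group name.
    name = destination_arn.split(":")[-1].split("/")[-1]
    if not name.startswith(REQUIRED_DEST_PREFIX):
        raise ValueError(f"destination name must start with {REQUIRED_DEST_PREFIX!r}: {destination_arn}")
    client.put_logging_configuration(
        LoggingConfiguration={"ResourceArn": acl_arn, "LogDestinationConfigs": [destination_arn]}
    )
    return logging_destinations(client, acl_arn)


class FakeWafv2Client:
    """Constructed stand-in for boto3.client('wafv2') so the example runs offline."""

    def __init__(self, acls, logged):
        self._acls = acls             # list of {"Name", "Id", "ARN"} summaries
        self._logging = dict(logged)  # ACL ARN -> list of destination ARNs

    def list_web_acls(self, Scope, NextMarker=None, Limit=100):
        # Emulate pagination: one ACL per page, NextMarker present while more remain.
        start = int(NextMarker or 0)
        out = {"WebACLs": self._acls[start:start + 1]}
        if start + 1 < len(self._acls):
            out["NextMarker"] = str(start + 1)
        return out

    def get_logging_configuration(self, ResourceArn):
        if ResourceArn not in self._logging:
            exc = Exception("WAFNonexistentItemException")
            exc.response = {"Error": {"Code": "WAFNonexistentItemException"}}
            raise exc
        return {"LoggingConfiguration": {"ResourceArn": ResourceArn,
                                         "LogDestinationConfigs": self._logging[ResourceArn]}}

    def put_logging_configuration(self, LoggingConfiguration):
        self._logging[LoggingConfiguration["ResourceArn"]] = list(LoggingConfiguration["LogDestinationConfigs"])
        return {"LoggingConfiguration": LoggingConfiguration}


# Constructed sample data: placeholder account id, ACL names and destination.
ACCOUNT = "123456789012"
REGIONAL_ACLS = [
    {"Name": "api-acl", "Id": "id-1", "ARN": f"arn:aws:wafv2:us-west-2:{ACCOUNT}:regional/webacl/api-acl/id-1"},
    {"Name": "alb-acl", "Id": "id-2", "ARN": f"arn:aws:wafv2:us-west-2:{ACCOUNT}:regional/webacl/alb-acl/id-2"},
]
GLOBAL_ACLS = [
    {"Name": "cdn-acl", "Id": "id-3", "ARN": f"arn:aws:wafv2:us-east-1:{ACCOUNT}:global/webacl/cdn-acl/id-3"},
]
S3_DESTINATION = "arn:aws:s3:::aws-waf-logs-example-central"


def demo():
    """Audit both scopes, remediate every finding, then audit again."""
    clients = {
        "REGIONAL": FakeWafv2Client(REGIONAL_ACLS, {REGIONAL_ACLS[0]["ARN"]: [S3_DESTINATION]}),
        "CLOUDFRONT": FakeWafv2Client(GLOBAL_ACLS, {}),
    }
    before = audit(clients)
    for scope, _name, arn in before:
        enable_logging(clients[scope], arn, S3_DESTINATION)
    return before, audit(clients)


if __name__ == "__main__":
    before, after = demo()
    print("ACLs without logging:", [(s, n) for s, n, _ in before])
    print("After remediation:", after)
```

Two points the console walkthrough above does not make explicit are built into the script: the CLOUDFRONT scope is a separate API call that only works against us-east-1, so an audit that queries one region misses global ACLs entirely, and WAFv2 rejects a destination whose name does not begin with aws-waf-logs-, so the prefix check fails fast before the API call.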

Note: It is essential to consult official AWS documentation and the NIST 800-53 Revision 5 standards for more in-depth understanding and to stay up to date with any changes or updates.
