Enabling Logging Rule for AWS WAFv2 Web ACLs
Guideline for ensuring logging on AWS WAFv2 regional and global web access control lists.
| Rule | Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs) |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ Low |
Rule Description
This rule ensures that logging is enabled on AWS WAFv2 regional and global web access control lists (ACLs) in compliance with NIST 800-53 Revision 5. Enabling logging provides visibility into the traffic that is being blocked or allowed by the ACLs, allowing for effective monitoring and analysis of potential security incidents.
Troubleshooting Steps
If logging is not enabled on AWS WAFv2 regional and global web ACLs, follow these troubleshooting steps to address the issue.
- 1.
Verify AWS WAFv2 logging status:
- Go to the AWS Management Console.
- Navigate to the AWS WAFv2 service.
- Select the appropriate regional or global web ACL that needs logging enabled.
- Check if logging is already enabled.
- 2.
Enable logging on regional and global web ACLs:
- If logging is not enabled, click on the edit icon of the ACL.
- Scroll down to the Logging configuration section.
- Enable logging by selecting the desired logging configuration option.
- Choose an existing Amazon Kinesis Data Firehose or create a new one.
- Configure the logging parameters as required.
- Save the changes.
- 3.
Verify logging configuration:
- Check if the logging configuration is correct and matches the requirements of NIST 800-53 Revision 5.
- 4.
Test logging functionality:
- Generate test traffic against the web ACLs to verify if the logs are being generated.
- Monitor the logs in the configured Amazon Kinesis Data Firehose or the chosen logging destination.
Necessary Codes
There are no specific codes required to enable logging on AWS WAFv2 regional and global web ACLs. The logging configuration is performed through the AWS Management Console.
Remediation Steps
Follow these step-by-step instructions to enable logging on AWS WAFv2 regional and global web ACLs:
- 1.
Login to the AWS Management Console.
- 2.
Navigate to the AWS WAFv2 service.
- 3.
Select the appropriate regional or global web ACL that needs logging enabled.
- 4.
If logging is not already enabled, click on the edit icon of the ACL.
- 5.
Scroll down to the Logging configuration section.
- 6.
Enable logging by selecting the desired logging configuration option.
- 7.
Choose an existing Amazon Kinesis Data Firehose or create a new one. Make sure it aligns with the requirements of NIST 800-53 Revision 5.
- 8.
Configure the logging parameters such as the delivery stream name, format, and permissions as required.
- 9.
Save the changes.
- 10.
Test the logging functionality by generating traffic against the web ACLs and monitoring the logs in the configured Amazon Kinesis Data Firehose or the chosen logging destination.
Note: Ensure that your logging configuration complies with NIST 800-53 Revision 5 and any other applicable security standards or regulations.
By following these steps, you can enable logging on AWS WAFv2 regional and global web ACLs, fulfilling the requirements of NIST 800-53 Revision 5.