Rule: Logging should be enabled on AWS WAFv2 Web ACLs

Rule Description: Logging enablement for AWS WAFv2 regional and global web access control list (ACLs) is necessary to comply with the RBI Cyber Security Framework.

Troubleshooting Steps:

2. 1.
   Verify that you have the necessary permissions to enable logging for web ACLs.
4. 2.
   Ensure that your AWS WAFv2 regional and global web ACLs are properly configured and associated with the desired resources.

Necessary Codes:

Step-by-Step Guide:

2. 1.

   Sign in to the AWS Management Console:

   • Open a web browser and navigate to the AWS Management Console (https://console.aws.amazon.com).
   • Enter your credentials to sign in to your AWS account.
4. 2.

   Navigate to AWS WAFv2 ACLs:

   • In the AWS Management Console, search for "WAF" in the services search bar and choose "AWS WAFv2" from the results.
   • Click on the "Web ACLs" tab in the left-hand navigation pane.
6. 3.

   Select the Web ACL to Enable Logging:

   • Select the appropriate regional or global web ACL from the list that you want to enable logging for.
8. 4.

   Enable Logging for the Web ACL:

   • In the right-hand pane, click on the "Logging" tab.
   • Toggle the logging switch to the "Enabled" position.
   • Configure the desired settings for logging, such as S3 bucket destination, log file format, and data retention period. Ensure that these settings comply with the requirements of the RBI Cyber Security Framework.
10. 5.

    Save the Logging Configuration:

    • Click on the "Save" button to save the logging configuration for the web ACL.
12. 6.

    Repeat for Other Web ACLs:

    • If you have multiple regional or global web ACLs, repeat steps 3 to 5 for each web ACL that needs logging enabled.
14. 7.

    Verify Logging Status:

    • After enabling logging for each web ACL, check the logging status to ensure that it is successfully enabled.
    • In the "Web ACLs" tab, select the web ACL and go to the "Logging" tab.
    • Verify that the logging switch is in the "Enabled" position and review the logging configuration settings.
16. 8.

    Test Logging:

    • Perform tests against the resources protected by the web ACL to generate web traffic.
    • Verify that the logs are successfully generated and sent to the configured S3 bucket.
    • Review the logs to ensure that the desired information is being captured according to the requirements of the RBI Cyber Security Framework.
18. 9.

    Remediate any Issues:

    • If logging is not functioning as expected, ensure that the associated resources are properly configured and associated with the web ACL.
    • Verify that the required permissions are granted to enable logging.
    • Check for any errors or warnings in the AWS WAFv2 logging or associated cloud service logs.
    • If necessary, consult AWS documentation or contact AWS support for further assistance in resolving any logging-related issues.