
Logging Rule for AWS WAFv2 Web ACLs

Ensure logging is enabled on AWS WAFv2 regional and global web access control list (ACLs).

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: SOC 2
Severity: Low

Description

AWS WAFv2 is a web application firewall service that helps protect your web applications from common web exploits. Enabling logging on AWS WAFv2 regional and global web access control lists (ACLs) is a crucial security measure to ensure compliance with SOC 2 requirements. SOC 2 is a widely recognized auditing standard that focuses on the security, availability, processing integrity, confidentiality, and privacy of customer data.

Enabling logging allows you to collect and analyze logs of web requests that are inspected by the ACLs. These logs provide valuable insights into potential security threats, helping you monitor and audit your web application traffic. By enabling logging on AWS WAFv2 ACLs, you can effectively track and investigate any suspicious activities, meet compliance requirements, and strengthen your overall security posture.

Troubleshooting Steps (if applicable)

  1. Ensure that you have the necessary permissions to enable logging on AWS WAFv2 ACLs. You should have the appropriate IAM roles or policies that allow you to access and modify the related resources.
  2. Verify that AWS WAFv2 is enabled in the desired AWS region. Some older regions may still be using the legacy AWS WAF service, which does not support logging on ACLs. Confirm that AWS WAFv2 is available in your region by referring to the AWS Regional Services List documentation.
  3. Check if the ACL already has logging enabled. If logging is already enabled, you can skip the steps for enabling it. Use the AWS WAFv2 API or AWS Command Line Interface (CLI) to retrieve the current configuration of the ACL and verify the logging settings.
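The check in step 3, carried out across every regional and global web ACL, as an added example that is not part of the original page or of Cloud Defense's own tooling. It assumes boto3 and AWS credentials for the live run; the audit logic itself takes injected callables so it can be exercised on constructed data, and it treats the WAFNonexistentItemException that GetLoggingConfiguration raises for an ACL with no logging as a failing finding.

```python
import sys

# WAF rejects log destinations (Firehose, S3, CloudWatch Logs) whose name lacks this prefix.
REQUIRED_PREFIX = "aws-waf-logs-"

def assess_acl(logging_config):
    """Classify one ACL from its LoggingConfiguration dict (None = logging never enabled)."""
    if logging_config is None:
        return "FAIL", "no logging configuration"
    dests = logging_config.get("LogDestinationConfigs", [])
    if not dests:
        return "FAIL", "no log destinations configured"
    bad = [d for d in dests if REQUIRED_PREFIX not in d]
    if bad:
        return "FAIL", "destination not named %s*: %s" % (REQUIRED_PREFIX, bad)
    return "PASS", "%d destination(s)" % len(dests)

def audit(list_acls, get_logging_config):
    """Check every REGIONAL and CLOUDFRONT (global) web ACL through injected callables:
    list_acls(scope) -> [{"Name", "ARN"}], get_logging_config(scope, arn) -> dict or None."""
    findings = []
    for scope in ("REGIONAL", "CLOUDFRONT"):
        for acl in list_acls(scope):
            status, detail = assess_acl(get_logging_config(scope, acl["ARN"]))
            findings.append({"Scope": scope, "Name": acl["Name"], "Status": status, "Detail": detail})
    return findings

def boto3_adapters(region):
    """Live adapters (assumption: boto3 installed, credentials configured). Global ACLs are
    only served by the us-east-1 endpoint, whichever region the regional check targets."""
    import boto3
    from botocore.exceptions import ClientError
    clients = {"REGIONAL": boto3.client("wafv2", region_name=region),
               "CLOUDFRONT": boto3.client("wafv2", region_name="us-east-1")}

    def list_acls(scope):  # single page of up to 100 ACLs; follow NextMarker for larger accounts
        return clients[scope].list_web_acls(Scope=scope, Limit=100)["WebACLs"]

    def get_logging_config(scope, arn):
        try:
            return clients[scope].get_logging_configuration(ResourceArn=arn)["LoggingConfiguration"]
        except ClientError as err:
            if err.response["Error"]["Code"] == "WAFNonexistentItemException":
                return None  # the API signals "never configured" with this error, not an empty result
            raise
    return list_acls, get_logging_config

if __name__ == "__main__":  # usage: python waf_logging_audit.py [region]
    for f in audit(*boto3_adapters(sys.argv[1] if len(sys.argv) > 1 else "us-east-1")):
        print("%(Status)s %(Scope)s %(Name)s: %(Detail)s" % f)
```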

Necessary Codes (if applicable)

There are no specific codes for enabling logging on AWS WAFv2 ACLs. Instead, you need to perform the following steps using the AWS Management Console or the AWS CLI.

Step-by-Step Guide for Remediation

Enabling Logging on AWS WAFv2 ACLs (AWS Management Console):

  1. Open the AWS Management Console and navigate to the AWS WAF & Shield service.
  2. Select the desired AWS region where your ACL is located.
  3. In the left navigation pane, click on "Web ACLs".
  4. Select the ACL for which you want to enable logging.
  5. Click on the "Logging and Metrics" tab.
  6. Under "Logging", click on the "Edit" button.
  7. Enable the toggle switch for "Logging" to turn it on.
  8. Optionally, customize the log destination settings, such as Amazon Kinesis Data Firehose or Amazon CloudWatch Logs.
  9. Click on "Save Changes" to enable logging on the ACL.

Enabling Logging on AWS WAFv2 ACLs (AWS CLI):

  1. Install and set up the AWS CLI on your local machine if you haven't already.
  2. Open the command prompt or terminal.
  3. Run the following command to enable logging on the ACL (the ACL's ARN is passed inside the logging configuration, as the put-logging-configuration command has no separate resource-arn option):

aws wafv2 put-logging-configuration --logging-configuration '{"ResourceArn": "<acl-arn>", "LogDestinationConfigs": ["<log-destination-arn>"]}'

Replace <acl-arn> with the ARN (Amazon Resource Name) of your ACL and <log-destination-arn> with the ARN of your desired log destination.

  4. Optionally, you can customize the LogDestinationConfigs parameter to specify multiple log destinations if needed.

Conclusion

Enabling logging on AWS WAFv2 regional and global web access control lists for SOC 2 compliance helps in monitoring and auditing web application traffic, identifying potential security threats, and maintaining a secure environment. By following the remediation steps, you can ensure that logging is correctly enabled on your AWS WAFv2 ACLs, providing valuable insights for your security and compliance needs.
