
Enable Logging for AWS WAF Classic Global Web ACLs

This control checks if logging is enabled for AWS WAF Classic Global Web ACLs, crucial for maintaining security and compliance.

Rule: AWS WAF Classic Global Web ACL logging should be enabled
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

Enable logging for every AWS WAF Classic Global Web ACL (the web ACLs attached to CloudFront distributions and managed through the global `waf` API) as part of AWS Foundational Security Best Practices. Logging records the requests the WAF inspects and the action taken on each, which gives you the visibility needed to monitor traffic, investigate potential attacks and tune rules.

Troubleshooting Steps:

If logging is not enabled for the AWS WAF Classic Global Web ACL, follow the steps below:

  1. Check the AWS WAF Classic console to verify if logging is enabled for the Global Web ACL.
  2. Ensure that the appropriate IAM permissions are set to allow logging configurations.
  3. Review the AWS CloudWatch Logs to check for any logging related errors or issues.

Code:

If logging needs to be enabled via the AWS CLI, use put-logging-configuration in the global waf namespace. WAF Classic delivers logs to a Kinesis Data Firehose delivery stream whose name must begin with aws-waf-logs-; for a Global Web ACL the delivery stream must exist in us-east-1. Replace the placeholders with your account ID, Web ACL ID and delivery stream name:

aws waf put-logging-configuration \
  --logging-configuration 'ResourceArn=arn:aws:waf::<account-id>:webacl/<web-acl-id>,LogDestinationConfigs=arn:aws:firehose:us-east-1:<account-id>:deliverystream/aws-waf-logs-<name>'
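The following is an added example, not code from Cloud Defense or from AWS, that evaluates this control the way a compliance check would: it walks the web ACLs returned by `aws waf list-web-acls`, matches each against the result of `aws waf get-logging-configuration`, and flags an ACL as non-compliant when logging is absent or the destination would not be accepted by WAF Classic (not a Firehose delivery stream, missing the `aws-waf-logs-` prefix, or outside us-east-1 for a global ACL). For each failing ACL it also builds the `put-logging-configuration` command from the Remediation section. The account ID, Web ACL IDs, names and delivery stream ARNs are constructed sample values; `collect_from_account` is an optional live collector that assumes the boto3 `waf` client and the response shapes named in its docstring.

```python
"""Evaluate "AWS WAF Classic Global Web ACL logging should be enabled" over data
shaped like the AWS CLI / boto3 `waf` responses, and emit the fix for failures.

Added example, not Cloud Defense's or AWS's own code. All identifiers in the
sample data are constructed; see collect_from_account for the live assumptions.
"""
import re

# WAF Classic accepts only a Kinesis Data Firehose delivery stream as a log destination.
FIREHOSE_ARN = re.compile(
    r"^arn:aws:firehose:(?P<region>[a-z0-9-]+):(?P<account>\d{12})"
    r":deliverystream/(?P<name>[A-Za-z0-9_.-]+)$"
)
REQUIRED_NAME_PREFIX = "aws-waf-logs-"   # mandatory prefix for WAF log delivery streams
GLOBAL_REGION = "us-east-1"              # global (CloudFront) web ACL logs must land here


def web_acl_arn(account_id, web_acl_id):
    """ARN of a WAF Classic *global* web ACL (note the empty region field)."""
    return f"arn:aws:waf::{account_id}:webacl/{web_acl_id}"


def destination_problems(destination_arn):
    """Reasons a LogDestinationConfigs entry would be rejected or mis-routed."""
    match = FIREHOSE_ARN.match(destination_arn)
    if not match:
        return ["destination is not a Kinesis Data Firehose delivery stream ARN"]
    problems = []
    if not match.group("name").startswith(REQUIRED_NAME_PREFIX):
        problems.append(f"delivery stream name must start with {REQUIRED_NAME_PREFIX!r}")
    if match.group("region") != GLOBAL_REGION:
        problems.append(f"delivery stream for a global web ACL must be in {GLOBAL_REGION}")
    return problems


def evaluate(account_id, web_acls, logging_configurations):
    """One finding per web ACL. `web_acls` is the WebACLs list from list-web-acls;
    `logging_configurations` is a list of LoggingConfiguration objects from
    get-logging-configuration (ACLs without one simply have no entry)."""
    configs_by_arn = {c["ResourceArn"]: c for c in logging_configurations}
    findings = []
    for acl in web_acls:
        config = configs_by_arn.get(web_acl_arn(account_id, acl["WebACLId"]))
        if not config or not config.get("LogDestinationConfigs"):
            reasons = ["logging is not enabled"]
        else:
            reasons = [p for dest in config["LogDestinationConfigs"]
                       for p in destination_problems(dest)]
        findings.append({"WebACLId": acl["WebACLId"], "Name": acl["Name"],
                         "Compliant": not reasons, "Reasons": reasons})
    return findings


def remediation_command(account_id, web_acl_id, firehose_arn):
    """The `aws waf put-logging-configuration` invocation that fixes a finding."""
    return ("aws waf put-logging-configuration --logging-configuration "
            f"'ResourceArn={web_acl_arn(account_id, web_acl_id)},"
            f"LogDestinationConfigs={firehose_arn}'")


# ---- constructed sample data (shapes mirror the AWS CLI output) ----
ACCOUNT_ID = "123456789012"
SAMPLE_WEB_ACLS = [
    {"WebACLId": "11111111-1111-1111-1111-111111111111", "Name": "cloudfront-prod"},
    {"WebACLId": "22222222-2222-2222-2222-222222222222", "Name": "cloudfront-staging"},
    {"WebACLId": "33333333-3333-3333-3333-333333333333", "Name": "cloudfront-legacy"},
]
SAMPLE_LOGGING_CONFIGURATIONS = [
    {   # acceptable: aws-waf-logs- prefix, delivery stream in us-east-1
        "ResourceArn": web_acl_arn(ACCOUNT_ID, "11111111-1111-1111-1111-111111111111"),
        "LogDestinationConfigs": [f"arn:aws:firehose:us-east-1:{ACCOUNT_ID}:deliverystream/aws-waf-logs-prod"],
        "RedactedFields": [],
    },
    {   # logging "enabled" but wrong prefix and wrong region: still a finding
        "ResourceArn": web_acl_arn(ACCOUNT_ID, "22222222-2222-2222-2222-222222222222"),
        "LogDestinationConfigs": [f"arn:aws:firehose:eu-west-1:{ACCOUNT_ID}:deliverystream/staging-logs"],
        "RedactedFields": [],
    },
    # cloudfront-legacy has no logging configuration at all
]


def collect_from_account(client):
    """Pull the same two lists from a live account using a boto3 `waf` client.
    Assumptions: get_web_acl returns WebACL.WebACLArn, and get_logging_configuration
    raises WAFNonexistentItemException for an ACL with no logging configured.
    Pagination (NextMarker) is omitted for brevity."""
    web_acls = client.list_web_acls()["WebACLs"]
    configs = []
    for acl in web_acls:
        arn = client.get_web_acl(WebACLId=acl["WebACLId"])["WebACL"]["WebACLArn"]
        try:
            configs.append(client.get_logging_configuration(ResourceArn=arn)["LoggingConfiguration"])
        except client.exceptions.WAFNonexistentItemException:
            pass  # no logging configuration: evaluate() will flag it
    return web_acls, configs


if __name__ == "__main__":
    for f in evaluate(ACCOUNT_ID, SAMPLE_WEB_ACLS, SAMPLE_LOGGING_CONFIGURATIONS):
        status = "PASS" if f["Compliant"] else "FAIL"
        print(f"{status} {f['Name']}: {'; '.join(f['Reasons']) or 'logging enabled'}")
        if not f["Compliant"]:
            stream = f"arn:aws:firehose:us-east-1:{ACCOUNT_ID}:deliverystream/aws-waf-logs-{f['Name']}"
            print("  fix:", remediation_command(ACCOUNT_ID, f["WebACLId"], stream))
```

Run against the sample data, the script reports cloudfront-prod as passing, cloudfront-staging as failing on both the stream name prefix and the region, and cloudfront-legacy as failing because no logging configuration exists; the destination checks matter because `put-logging-configuration` rejects a stream without the `aws-waf-logs-` prefix, so a check that only asks "is there a configuration?" would miss a half-finished remediation.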

Remediation:

To enable logging for AWS WAF Classic Global Web ACL, follow the steps below:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose "Logging & Metrics", and select the Global Web ACL for which you want to enable logging.
  3. Click on "Edit Logging Configuration".
  4. Enable logging and configure the log settings as per your requirements.
  5. Click on "Save" to apply the changes.

By following these steps, logging for AWS WAF Classic Global Web ACL will be successfully enabled as per AWS Foundational Security Best Practices.
