Enable CloudWatch Metrics for AWS WAF Rules
This rule ensures CloudWatch metrics are enabled for AWS WAF rules, providing insights into traffic patterns and potential security threats.
| Rule | AWS WAF rules should have CloudWatch metrics enabled |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
AWS WAF rules should have CloudWatch metrics enabled to monitor and track the performance and behavior of the web application firewall. Enabling CloudWatch metrics ensures visibility into the effectiveness of AWS WAF rules and helps in complying with AWS Foundational Security Best Practices.
Troubleshooting Steps:
If CloudWatch metrics are not enabled for AWS WAF rules, follow these steps:
- 1.Check the AWS WAF console to verify if CloudWatch metrics are enabled.
- 2.If metrics are not enabled, proceed with enabling them using the AWS CLI or management console.
Necessary Codes:
Below is the AWS CLI command to enable CloudWatch metrics for AWS WAF rules:
aws waf update-web-acl --web-acl-id <web-acl-id> --metric-name-sets "FULL" --region <region>
Step-by-Step Guide for Remediation:
- 1.Open the AWS WAF console.
- 2.Navigate to the AWS WAF rules section.
- 3.Select the specific WAF rule for which you want to enable CloudWatch metrics.
- 4.Click on the "Edit" or "Actions" button for the selected rule.
- 5.Look for an option related to enabling CloudWatch metrics.
- 6.Enable the CloudWatch metrics by selecting the appropriate settings.
- 7.Save the changes.
- 8.Optionally, you can use the AWS CLI command mentioned above to enable CloudWatch metrics programmatically.
By following the above steps and enabling CloudWatch metrics for AWS WAF rules, you ensure better monitoring and adherence to AWS Foundational Security Best Practices.