Rule: Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs)
This rule specifies the requirement for enabling logging on AWS WAFv2 regional and global web ACLs.
| Rule | Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs) |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | ✔ Low |
Rule Description: Logging enablement on AWS WAFv2 regional and global web access control lists (ACLs) for Federal Financial Institutions Examination Council (FFIEC)
Overview
This rule ensures that logging is enabled for both regional and global web access control lists (ACLs) for Federal Financial Institutions Examination Council (FFIEC) purposes in AWS WAFv2. Enabling logging allows the collection of relevant data for auditing, monitoring, and analysis purposes.
Policy Details
By enabling logging on AWS WAFv2 regional and global web ACLs for FFIEC, you ensure compliance with security and regulatory requirements. Logging provides visibility into potential threats and helps in identifying any security breaches or vulnerabilities.
Troubleshooting Steps
If logging is not enabled on the AWS WAFv2 ACLs, you may need to troubleshoot the following:
- 1.Verify AWS WAFv2 ACLs: Ensure that the appropriate regional and global web ACLs are in place for FFIEC requirements.
- 2.Check Logging Configuration: Review the logging configuration for the web ACLs to confirm that logging is enabled.
- 3.Verify IAM Roles: Ensure that the IAM roles associated with the web ACLs have the necessary permissions to write logs to the desired destination, such as Amazon S3 or AWS CloudWatch Logs.
Necessary Codes (if applicable)
There are no specific codes provided for enabling logging on AWS WAFv2 ACLs. The configuration is applied through the AWS Management Console, AWS CLI, or AWS SDKs.
Step-by-Step Guide for Remediation
Follow these steps to enable logging on AWS WAFv2 regional and global web ACLs for FFIEC:
- 1.Access the AWS WAFv2 Console: Log in to the AWS Management Console and navigate to the AWS WAFv2 service.
- 2.Choose Web ACLs: From the sidebar, click on "Web ACLs" to view the list of existing web ACLs.
- 3.Select the Regional Web ACL: Identify the regional web ACL associated with FFIEC requirements and click on its name to access the details.
- 4.Enable Logging: In the web ACL details page, scroll down to the "Logging" section and click on the "Edit" button.
- 5.Configure Logging: Select the desired logging configuration options, such as the logging destination (e.g., Amazon S3, AWS CloudWatch Logs), the log format, and the logging frequency.
- 6.Save the Configuration: After selecting the appropriate logging settings, click on the "Save" button to apply the changes.
- 7.Repeat for Global Web ACL: Follow the same steps mentioned above for the global web ACL associated with FFIEC to enable logging.
Conclusion
Enabling logging on AWS WAFv2 regional and global web ACLs ensures compliance with FFIEC requirements and enhances security by providing visibility into potential threats. Following the step-by-step guide will help you enable logging and meet the necessary compliance standards.