Rule: Logging should be enabled on AWS WAFv2 regional and global web ACLs

Ensure logging is enabled on AWS WAFv2 regional and global web access control lists for enhanced security.

Rule: Logging should be enabled on AWS WAFv2 regional and global web access control lists (ACLs)
Framework: General Data Protection Regulation (GDPR)
Severity: Low

Rule Description:

This rule requires enabling logging on AWS WAFv2 regional and global web Access Control Lists (ACLs) to comply with the General Data Protection Regulation (GDPR). Logging allows monitoring and analysis of web traffic to ensure compliance with data protection regulations.

Troubleshooting steps:

  1. Ensure that you have the necessary permissions to enable logging on WAFv2 ACLs.
  2. Verify that you have enabled logging on both regional and global WAFv2 ACLs.
  3. Confirm that the logging configuration is correctly set up and data is being logged.

Logging Configuration:

To enable logging on AWS WAFv2 regional and global web ACLs for GDPR compliance, follow these steps:

Step 1: Enable Logging on Regional Web ACL:

  1. Open the AWS Management Console and navigate to the AWS WAFv2 service.
  2. Select the desired regional web ACL that needs logging enabled.
  3. Click on the "Logging and monitoring" tab in the web ACL configuration.
  4. Enable logging by toggling the switch to the "On" position.
  5. Choose the S3 bucket where you want to store the log files.
  6. Optionally, customize the log file prefix or leave it as the default.
  7. Save the configuration.

Step 2: Enable Logging on Global Web ACL:

  1. Open the AWS Management Console and navigate to the AWS WAFv2 service.
  2. Select the global web ACL for GDPR compliance logging.
  3. Click on the "Logging and monitoring" tab in the web ACL configuration.
  4. Enable logging by toggling the switch to the "On" position.
  5. Choose the S3 bucket where you want to store the log files.
  6. Optionally, customize the log file prefix or leave it as the default.
  7. Save the configuration.
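
The same check and change can be made through the WAFv2 API instead of the console. The following is an added example, not code from this page or from AWS: it finds web ACLs that have no logging configuration in a given scope and points them at an S3 bucket. `StubWafv2`, the sample ARNs, the account ID and the bucket name are constructed so the script runs offline; against AWS, pass `boto3.client("wafv2", region_name=...)` instead, using `us-east-1` for the `CLOUDFRONT` (global) scope.

```python
PREFIX = "aws-waf-logs-"  # AWS requires this prefix on WAF log destination names

def list_all(call, key, scope):
    """Follow NextMarker until a WAFv2 list call returns no further items."""
    items, marker = [], None
    while True:
        page = call(Scope=scope, **({"NextMarker": marker} if marker else {}))
        items += page.get(key, [])
        marker = page.get("NextMarker")
        if not marker or not page.get(key):
            return items

def unlogged_acls(client, scope):
    """Return summaries of web ACLs in `scope` that have no logging configuration."""
    configs = list_all(client.list_logging_configurations, "LoggingConfigurations", scope)
    logged = {c["ResourceArn"] for c in configs}
    return [a for a in list_all(client.list_web_acls, "WebACLs", scope) if a["ARN"] not in logged]

def enable_logging(client, scope, bucket):
    """Send logs of every unlogged web ACL in `scope` to `bucket`; return the names fixed."""
    if not bucket.startswith(PREFIX):
        raise ValueError(f"bucket name must start with {PREFIX!r}")
    fixed = []
    for acl in unlogged_acls(client, scope):
        client.put_logging_configuration(LoggingConfiguration={
            "ResourceArn": acl["ARN"],
            "LogDestinationConfigs": [f"arn:aws:s3:::{bucket}"]})
        fixed.append(acl["Name"])
    return fixed

class StubWafv2:
    """Constructed offline stand-in for boto3.client("wafv2"); not part of any AWS SDK."""
    def __init__(self, acls_by_scope, configs=()):
        self.acls, self.configs = acls_by_scope, list(configs)
    def list_web_acls(self, Scope, **_):
        return {"WebACLs": self.acls[Scope]}
    def list_logging_configurations(self, Scope, **_):
        return {"LoggingConfigurations": self.configs}
    def put_logging_configuration(self, LoggingConfiguration):
        self.configs.append(LoggingConfiguration)

if __name__ == "__main__":
    arn = "arn:aws:wafv2:us-east-1:123456789012:{}/webacl/{}/{}"  # constructed sample ARNs
    stub = StubWafv2({"REGIONAL": [{"Name": "api", "ARN": arn.format("regional", "api", "1")}],
                      "CLOUDFRONT": [{"Name": "cdn", "ARN": arn.format("global", "cdn", "2")}]})
    # Real use: boto3.client("wafv2", region_name=...); CLOUDFRONT scope must use us-east-1.
    for scope in ("REGIONAL", "CLOUDFRONT"):
        print(scope, enable_logging(stub, scope, "aws-waf-logs-example"))
```

Running `unlogged_acls` on its own gives a read-only audit of which web ACLs still fail this rule.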

Troubleshooting:

If logging is not functioning as expected, use the following troubleshooting steps:

  1. Verify that the IAM role or user used to configure logging has the necessary permissions to write to the specified S3 bucket.
  2. Check the S3 bucket permissions and ensure that the AWS WAF service has proper access.
  3. Review the AWS CloudTrail logs for any errors or warnings related to WAF logging configuration.
  4. Validate the logging settings in the web ACL configuration and ensure they match the desired configuration.
  5. Confirm that the S3 bucket specified for logging is accessible and correctly set up.
  6. Check the CloudWatch Logs for any errors related to WAF logging.

Following these troubleshooting steps should help identify and resolve any issues with enabling logging on AWS WAFv2 regional and global web ACLs for GDPR compliance.
