Enabling Logging Rule for AWS WAFv2 Web ACLs
This rule ensures logging is enabled on AWS WAFv2 regional and global web access control lists.
| Rule | Logging should be enabled on AWS WAFv2 regional and global web access control list (ACLs) |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Low |
Rule Description: Logging on AWS WAFv2 Regional and Global Web Access Control Lists (ACLs) for NIST 800-171 Revision 2
Description:
To comply with the security requirements of NIST 800-171 Revision 2, logging should be enabled on AWS WAFv2 Regional and Global Web Access Control Lists (ACLs). Logging helps monitor and troubleshoot the traffic flow, detect and investigate potential security incidents, and enable forensic analysis.
Troubleshooting Steps:
In case logging is not enabled on AWS WAFv2 ACLs, follow the troubleshooting steps below:
- 1.
Verify WAFv2 ACL Logging Settings:
- Go to the AWS Management Console.
- Navigate to the AWS WAFv2 service.
- Select the appropriate regional or global ACL.
- Check if logging is enabled for the ACL.
- 2.
Enable Logging on AWS WAFv2 ACL:
- If logging is not enabled, select the ACL and click on the "Logging" tab.
- Toggle the "Logging status" switch to enable logging.
- Define the necessary settings such as the Amazon S3 bucket to store the logs and the log file format.
- Save the changes.
- 3.
Verify Log Delivery Configuration:
- Ensure that the Amazon S3 bucket specified for logging is properly configured to receive the logs.
- Confirm that the appropriate permissions are set for the WAFv2 service to write logs to the bucket.
- Double-check the log file format if it aligns with your requirements.
- 4.
Enable S3 Bucket Access Logging (Optional):
- It is recommended to enable access logging on the S3 bucket that stores WAFv2 ACL logs.
- Access logging can provide insights into who accessed the bucket, their actions, and other useful information.
- Configure access logs for the bucket through the S3 Bucket settings.
Necessary Code:
No code is required for enabling logging on AWS WAFv2 ACLs. The configuration can be done through the AWS Management Console.
Remediation Steps:
To enable logging on AWS WAFv2 Regional and Global Web Access Control Lists (ACLs) for NIST 800-171 Revision 2, follow the step-by-step guide below:
- 1.
Open the AWS Management Console.
- 2.
Navigate to the AWS WAFv2 service.
- 3.
Select the desired regional or global ACL to enable logging.
- 4.
Click on the "Logging" tab.
- 5.
Toggle the "Logging status" switch to enable logging.
- 6.
Configure the logging settings:
- Choose the Amazon S3 bucket where you want to store the logs.
- Specify the log file format according to your requirements.
- 7.
Save the changes.
- 8.
Verify that the specified Amazon S3 bucket is properly configured to receive the logs and has the necessary permissions.
- 9.
(Optional) Enable access logging on the S3 bucket to gain additional insights into bucket activity.
Conclusion:
Enabling logging on AWS WAFv2 ACLs ensures compliance with the security requirements of NIST 800-171 Revision 2. By following the troubleshooting steps and remediation guide provided, you can effectively configure logging settings and monitor the traffic flow on your WAFv2 ACLs.