Ensure that your Amazon WAF Web Access Control Lists (Web ACLs) are configured to capture information about all incoming requests. Amazon WAF is a web application firewall service that lets you monitor web requests that are forwarded to Amazon API Gateway APIs, Amazon CloudFront distributions, or Application Load Balancers in order to help protect them from attacks.
To get detailed information about the web traffic analyzed by your Web Access Control Lists (Web ACLs) you must enable logging. The log entries include the time that Amazon WAF received the request from your AWS resource, detailed information about the request, and the action for the rule that each request matched. You can also send these logs to an Amazon Kinesis Firehose delivery stream with a configured storage destination.
Audit
To determine if logging is enabled for Web Access Control Lists (Web ACLs), perform the following operations:
Remediation / Resolution
To enable logging for your Amazon WAF Web Access Control Lists (Web ACLs), perform the following operations:
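The following script is an added example, not code from the original page or from AWS; it covers both the audit step above (finding web ACLs with no logging configuration) and the remediation step (building a valid put-logging-configuration payload). The web ACL list and logging configurations embedded in it are constructed samples shaped like the wafv2 API responses, so the checks run offline; the function names, the sample ARNs and account id are assumptions. The one AWS fact it relies on is that a Kinesis Data Firehose delivery stream used as a WAF log destination must have a name beginning with `aws-waf-logs-`.

```python
"""Audit and remediation helpers for AWS WAFv2 web ACL logging (added example)."""
import re

# AWS WAF only accepts delivery streams whose name starts with this prefix;
# put-logging-configuration rejects any other destination name.
WAF_LOG_PREFIX = "aws-waf-logs-"

# Constructed sample of what `aws wafv2 list-web-acls --scope REGIONAL` returns.
SAMPLE_WEB_ACLS = [
    {"Name": "prod-api-acl",
     "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/prod-api-acl/11111111-2222-3333-4444-555555555555"},
    {"Name": "staging-acl",
     "ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/staging-acl/66666666-7777-8888-9999-000000000000"},
]

# Constructed sample of get-logging-configuration results keyed by web ACL ARN.
# A missing key stands for the WAFNonexistentItemException the API raises when
# no logging configuration exists for that ACL.
SAMPLE_LOGGING_CONFIGS = {
    SAMPLE_WEB_ACLS[0]["ARN"]: {
        "ResourceArn": SAMPLE_WEB_ACLS[0]["ARN"],
        "LogDestinationConfigs": [
            "arn:aws:firehose:us-east-1:111122223333:deliverystream/aws-waf-logs-prod"
        ],
    },
}


def find_unlogged_web_acls(web_acls, logging_configs):
    """Audit: return names of web ACLs with no log destination configured."""
    unlogged = []
    for acl in web_acls:
        cfg = logging_configs.get(acl["ARN"])
        # No configuration, or one with an empty destination list, both mean
        # that requests evaluated by this ACL are not being recorded.
        if not cfg or not cfg.get("LogDestinationConfigs"):
            unlogged.append(acl["Name"])
    return unlogged


def is_valid_waf_destination(firehose_arn):
    """True if the ARN is a Firehose delivery stream named aws-waf-logs-*."""
    m = re.fullmatch(r"arn:aws:firehose:[a-z0-9-]+:\d{12}:deliverystream/(.+)", firehose_arn)
    return bool(m) and m.group(1).startswith(WAF_LOG_PREFIX)


def build_logging_configuration(web_acl_arn, firehose_arn):
    """Remediation: build the put-logging-configuration payload, refusing a
    destination that WAF would reject so the error surfaces before the API call."""
    if not is_valid_waf_destination(firehose_arn):
        raise ValueError(
            f"log destination must be a Firehose delivery stream named "
            f"{WAF_LOG_PREFIX}*: {firehose_arn}")
    return {"ResourceArn": web_acl_arn, "LogDestinationConfigs": [firehose_arn]}


def audit_with_boto3(scope="REGIONAL", region="us-east-1"):
    """Live audit against an account (assumes boto3 and AWS credentials).
    Uses the first page of results; pass NextMarker to list_web_acls to page."""
    import boto3  # imported here so the offline functions above need no boto3
    waf = boto3.client("wafv2", region_name=region)
    acls = waf.list_web_acls(Scope=scope)["WebACLs"]
    configs = {}
    for acl in acls:
        try:
            resp = waf.get_logging_configuration(ResourceArn=acl["ARN"])
            configs[acl["ARN"]] = resp["LoggingConfiguration"]
        except waf.exceptions.WAFNonexistentItemException:
            pass  # no logging configuration: reported as unlogged below
    return find_unlogged_web_acls(acls, configs)


if __name__ == "__main__":
    print("web ACLs without logging:",
          find_unlogged_web_acls(SAMPLE_WEB_ACLS, SAMPLE_LOGGING_CONFIGS))
    payload = build_logging_configuration(
        SAMPLE_WEB_ACLS[1]["ARN"],
        "arn:aws:firehose:us-east-1:111122223333:deliverystream/aws-waf-logs-staging")
    print("payload for put-logging-configuration:", payload)
```

Run as-is to see the audit over the constructed samples; `audit_with_boto3` is the same check against a real account, and the payload returned by `build_logging_configuration` is what `put_logging_configuration(LoggingConfiguration=payload)` expects. For CloudFront-scoped web ACLs, call the API in us-east-1 with `scope="CLOUDFRONT"`.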
References
- AWS Documentation
  - AWS WAF - Web Application Firewall
  - Managing and using a web access control list (web ACL)
  - Logging web ACL traffic information
- AWS Command Line Interface (CLI) Documentation
  - wafv2
    - list-web-acls
    - get-logging-configuration
    - put-logging-configuration
  - firehose
    - create-delivery-stream