AWS WAF does not have associated rules
Description
AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.
Code Example
go
{
"resource "aws_wafv2_web_acl" "example" {
name = "managed-rule-example"
description = "Example of a managed rule."
scope = "REGIONAL"
default_action {
allow {}
}
+ rule {
name = "rule-1"
priority = 1
override_action {
count {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesCommonRuleSet"
vendor_name = "AWS"
excluded_rule {
name = "SizeRestrictions_QUERYSTRING"
}
excluded_rule {
name = "NoUserAgent_HEADER"
}
scope_down_statement {
geo_match_statement {
country_codes = ["US", "NL"]
}
}
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "friendly-rule-metric-name"
sampled_requests_enabled = false
}
}
tags = {
Tag1 = "Value1"
Tag2 = "Value2"
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "friendly-metric-name"
sampled_requests_enabled = false
}
}
",
}Remediation
Terraform
- Resource: aws_wafv2_web_acl
- Attribute rule - (Optional) The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0224 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_175 |