AWS Config Rule: WAF Global Web ACL Not Empty

WAF_GLOBAL_WEBACL_NOT_EMPTY

Eduardo Van Cauteren

Last Update 2 months ago

Description: Checks whether a WAF Global Web ACL contains any WAF rules or rule groups. This rule is NON_COMPLIANT if a Web ACL does not contain any WAF rule or rule group.


Trigger type: Configuration changes


AWS Region: Only available in US East (N. Virginia) Region


How to Resolve Manually

This rule evaluates whether a WAF Global Web ACL includes rules or rule groups. If the Web ACL doesn't contain at least one rule or rule group, the AWS Config Rule will be marked as non-compliant.


You can resolve this by deleting the Web ACL if it's not being used, or by adding a rule or rule group to it.
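To list the Web ACLs that would be flagged before choosing between those two options, the same check can be run against the WAF Classic global API. This is an added example, not StackZone or AWS code: it uses the boto3 `waf` client's `list_web_acls` and `get_web_acl` calls, and `FakeWaf` and `SAMPLE_ACLS` are constructed stand-ins so it also runs offline.

```python
def find_empty_web_acls(waf):
    """Return [(WebACLId, Name)] for Web ACLs with no rules; `waf` is a boto3 "waf" client."""
    empty, marker = [], None
    while True:
        kwargs = {"Limit": 100}
        if marker:
            kwargs["NextMarker"] = marker
        page = waf.list_web_acls(**kwargs)
        summaries = page.get("WebACLs", [])
        for summary in summaries:
            acl = waf.get_web_acl(WebACLId=summary["WebACLId"])["WebACL"]
            # Rules lists regular rules, rate-based rules and rule groups;
            # an empty list is the condition the Config rule reports.
            if not acl.get("Rules"):
                empty.append((acl["WebACLId"], acl.get("Name", "")))
        marker = page.get("NextMarker")
        if not marker or not summaries:
            return empty


class FakeWaf:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, acls, page_size=2):
        self.acls, self.page_size = acls, page_size

    def list_web_acls(self, Limit=100, NextMarker=None):
        start, size = int(NextMarker or 0), min(Limit, self.page_size)
        resp = {"WebACLs": [{"WebACLId": a["WebACLId"], "Name": a["Name"]}
                            for a in self.acls[start:start + size]]}
        if start + size < len(self.acls):
            resp["NextMarker"] = str(start + size)
        return resp

    def get_web_acl(self, WebACLId):
        return {"WebACL": next(a for a in self.acls if a["WebACLId"] == WebACLId)}


SAMPLE_ACLS = [  # constructed sample data, not real resources
    {"WebACLId": "acl-1", "Name": "storefront", "Rules": [{"Priority": 1, "RuleId": "rule-1", "Type": "REGULAR"}]},
    {"WebACLId": "acl-2", "Name": "legacy-empty", "Rules": []},
    {"WebACLId": "acl-3", "Name": "api", "Rules": [{"Priority": 1, "RuleId": "group-1", "Type": "GROUP"}]},
]

if __name__ == "__main__":
    import boto3  # requires AWS credentials allowed to list and read Web ACLs
    for acl_id, name in find_empty_web_acls(boto3.client("waf", region_name="us-east-1")):
        print(f"NON_COMPLIANT {acl_id} {name}")
```
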


To add a rule, head on over to the WAF & Shield service and then click on Switch to AWS WAF Classic from the left side menu.

Click on Web ACLs and in the Filter dropdown menu choose Global (CloudFront) region. From the list, click on the name of the ACL that is not compliant and finally click on the Edit web ACL button to add a rule or rule group.

Check the following screenshot as reference:

