AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
FMS Web ACL Should Have Rule Group Association
More Info:
Checks if the rule groups associate with the web ACL at the correct priority. The correct priority is decided by the rank of the rule groups in the ruleGroups parameter. When AWS Firewall Manager creates this rule, it assigns the highest priority 0 followed by 1, 2, and so on. The FMS policy owner specifies the ruleGroups rank in the FMS policy and can optionally enable remediation.
Risk Level
Medium
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of FMS Web ACL not having a Rule Group Association in AWS Firewall Manager using the AWS console, follow these step-by-step instructions:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in with your credentials.
-
Navigate to Firewall Manager: In the AWS Management Console, navigate to the Firewall Manager service by typing “Firewall Manager” in the search bar and selecting it from the options.
-
Select Policy: In the Firewall Manager dashboard, click on the policy that is associated with the Web ACL that needs to have a Rule Group Association.
-
Edit Policy: Click on the “Edit policy” button to make changes to the policy.
-
Add Rule Group Association: In the policy settings, look for the section where you can associate a Rule Group with the Web ACL. Click on the “Add Rule Group Association” button.
-
Select Rule Group: A list of available Rule Groups will be displayed. Select the appropriate Rule Group that you want to associate with the Web ACL.
-
Save Changes: After selecting the Rule Group, click on the “Save” or “Update” button to save the changes to the policy.
-
Review Changes: Review the changes made to the policy to ensure that the Rule Group has been successfully associated with the Web ACL.
By following these steps, you will be able to remediate the misconfiguration of FMS Web ACL not having a Rule Group Association in AWS Firewall Manager using the AWS console.
To remediate the misconfiguration “FMS Web ACL Should Have Rule Group Association” using AWS CLI, follow these steps:
-
Open your terminal or command prompt.
-
Use the following AWS CLI command to update a rule group association with your FMS Web ACL:
aws wafv2 update-web-acl \
--name <WEB_ACL_NAME> \
--scope REGIONAL \
--id <WEB_ACL_ID> \
--lock-token <LOCK_TOKEN> \
--rules '[
{
"Name":"<RULE_GROUP_NAME>",
"Priority":<PRIORITY>,
"Statement":{
"RuleGroupReferenceStatement":{
"ARN":"<RULE_GROUP_ARN>"
}
},
"Action":{
"Allow":{}
}
}
]'
Replace the following placeholders in the command:
<WEB_ACL_NAME>: The name of your FMS Web ACL.<WEB_ACL_ID>: The ID of your FMS Web ACL.<LOCK_TOKEN>: The lock token associated with the Web ACL.<RULE_GROUP_NAME>: The name of the rule group you want to associate.<PRIORITY>: The priority of the rule group in the Web ACL.<RULE_GROUP_ARN>: The ARN of the rule group.
- To retrieve the lock token, run the following command:
aws wafv2 get-web-acl --scope REGIONAL --id <WEB_ACL_ID> --name <WEB_ACL_NAME>
-
Execute the update command in your terminal. This will associate the specified rule group with your FMS Web ACL.
-
Verify that the rule group is successfully associated with the FMS Web ACL by checking the Web ACL configuration in the AWS Management Console or by running the following AWS CLI command:
aws wafv2 list-web-acls --scope REGIONAL
This command will list all the regional web ACLs in your account, including the one with the associated rule group.
By following these steps, you can remediate the misconfiguration “FMS Web ACL Should Have Rule Group Association” using AWS CLI.
To remediate the misconfiguration of FMS Web ACL not having a Rule Group Association using Python, you can follow these steps:
- Install the necessary Python libraries: Ensure you have the AWS SDK for Python (Boto3) installed. You can install it using pip:
pip install boto3
- Write a Python script to associate a Rule Group with the FMS Web ACL:
import boto3
# Initialize the WAFv2 client
wafv2_client = boto3.client('wafv2')
# Specify the Web ACL ID, name, and the Rule Group ARN that you want to associate
web_acl_id = 'YOUR_WEB_ACL_ID'
web_acl_name = 'YOUR_WEB_ACL_NAME'
rule_group_arn = 'YOUR_RULE_GROUP_ARN'
priority = 1
# Retrieve the current lock token
response = wafv2_client.get_web_acl(
Name=web_acl_name,
Scope='REGIONAL',
Id=web_acl_id
)
lock_token = response['LockToken']
# Update the Web ACL to associate the Rule Group
update_response = wafv2_client.update_web_acl(
Name=web_acl_name,
Scope='REGIONAL',
Id=web_acl_id,
LockToken=lock_token,
Rules=[
{
'Name': 'RuleGroupAssociation',
'Priority': priority,
'Statement': {
'RuleGroupReferenceStatement': {
'ARN': rule_group_arn
}
},
'Action': {
'Allow': {}
}
}
]
)
print("Rule Group associated successfully with the FMS Web ACL")
-
Replace
'YOUR_WEB_ACL_ID','YOUR_WEB_ACL_NAME', and'YOUR_RULE_GROUP_ARN'with the actual Web ACL ID, name, and Rule Group ARN you want to associate. -
Run the Python script: Save the script in a file (e.g.,
associate_rule_group.py) and run it using Python:
python associate_rule_group.py