AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
FMS Web ACL Should Have Rule Group Association
More Info:
Checks if the rule groups associate with the web ACL at the correct priority. The correct priority is decided by the rank of the rule groups in the ruleGroups parameter. When AWS Firewall Manager creates this rule, it assigns the highest priority 0 followed by 1, 2, and so on. The FMS policy owner specifies the ruleGroups rank in the FMS policy and can optionally enable remediation.
Risk Level
Medium
Address
Security
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of FMS Web ACL not having a Rule Group Association in AWS Cloud Watch using the AWS console, follow these step-by-step instructions:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and login with your credentials.
-
Navigate to Firewall Manager: In the AWS Management Console, navigate to the Firewall Manager service by typing “Firewall Manager” in the search bar and selecting it from the options.
-
Select Policy: In the Firewall Manager dashboard, click on the policy that is associated with the Web ACL that needs to have a Rule Group Association.
-
Edit Policy: Click on the “Edit policy” button to make changes to the policy.
-
Add Rule Group Association: In the policy settings, look for the section where you can associate a Rule Group with the Web ACL. Click on the “Add Rule Group Association” button.
-
Select Rule Group: A list of available Rule Groups will be displayed. Select the appropriate Rule Group that you want to associate with the Web ACL.
-
Save Changes: After selecting the Rule Group, click on the “Save” or “Update” button to save the changes to the policy.
-
Review Changes: Review the changes made to the policy to ensure that the Rule Group has been successfully associated with the Web ACL.
By following these steps, you will be able to remediate the misconfiguration of FMS Web ACL not having a Rule Group Association in AWS Cloud Watch using the AWS console.
To remediate the misconfiguration “FMS Web ACL Should Have Rule Group Association” for AWS CloudWatch using AWS CLI, follow these steps:
-
Open your terminal or command prompt.
-
Use the following AWS CLI command to associate a rule group with your FMS Web ACL:
aws wafv2 associate-web-acl \
--web-acl-arn <YOUR_WEB_ACL_ARN> \
--web-acl-capacity UNIT_42 \
--web-acl-rule-group-reference "ARN=arn:aws:wafv2:REGION:ACCOUNT_ID:regional-rule-group/RULE_GROUP_ID" \
--action "ALLOW" \
--scope "REGIONAL"
Replace the following placeholders in the command:
<YOUR_WEB_ACL_ARN>: The ARN of your FMS Web ACLREGION: The AWS region where your FMS Web ACL is deployedACCOUNT_ID: Your AWS account IDRULE_GROUP_ID: The ID of the rule group you want to associate with the FMS Web ACL
-
Execute the command in your terminal. This will associate the specified rule group with your FMS Web ACL and remediate the misconfiguration.
-
Verify that the rule group is successfully associated with the FMS Web ACL by checking the Web ACL configuration in the AWS Management Console or by running the following AWS CLI command:
aws wafv2 list-web-acls --scope REGIONAL
This command will list all the regional web ACLs in your account, including the one with the associated rule group.
By following these steps, you can remediate the misconfiguration “FMS Web ACL Should Have Rule Group Association” for AWS CloudWatch using AWS CLI.
To remediate the misconfiguration of FMS Web ACL not having a Rule Group Association in AWS CloudWatch using Python, you can follow these steps:
- Install the necessary Python libraries: Ensure you have the AWS SDK for Python (Boto3) installed. You can install it using pip:
pip install boto3
- Write a Python script to associate a Rule Group with the FMS Web ACL:
import boto3
# Initialize the FMS and WAF clients
fms_client = boto3.client('fms')
wafv2_client = boto3.client('wafv2')
# Specify the FMS Web ACL Id and the Rule Group ARN that you want to associate
web_acl_id = 'YOUR_WEB_ACL_ID'
rule_group_arn = 'YOUR_RULE_GROUP_ARN'
# Associate the Rule Group with the FMS Web ACL
response = fms_client.put_apps_list(
ListId=web_acl_id,
AppsList=rule_group_arn
)
print("Rule Group associated successfully with the FMS Web ACL")
-
Replace
'YOUR_WEB_ACL_ID'and'YOUR_RULE_GROUP_ARN'with the actual Web ACL Id and Rule Group ARN that you want to associate. -
Run the Python script: Save the script in a file (e.g.,
associate_rule_group.py) and run it using Python:
python associate_rule_group.py
By following these steps and running the Python script, you can successfully associate a Rule Group with the FMS Web ACL in AWS CloudWatch, remediating the misconfiguration.