Network Firewall Logging Should Be Enabled
More Info:
Ensure network firewall logging is enabledRisk Level
MediumAddress
Operational Maturity, Reliability, SecurityCompliance Standards
CBP,GDPR,HIPAA,ISO27001,SEBITriage and Remediation
Remediation
Using Console
Using Console
To remediate the issue of Network Firewall Logging not being enabled for AWS EC2 instances, you can follow these steps using the AWS Management Console:
- Sign in to the AWS Management Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and sign in using your credentials.
- Navigate to the VPC Dashboard: Click on the “Services” dropdown in the top left corner of the console and select “VPC” under the Networking & Content Delivery section.
- Select the VPC: In the VPC Dashboard, select the Virtual Private Cloud (VPC) where your EC2 instances are located.
- Select the Network ACLs: In the VPC Dashboard, locate the “Network ACLs” option in the left-hand menu and click on it.
- Identify the Network ACL: Identify the Network Access Control List (NACL) associated with the subnet where your EC2 instances are located. Note down the NACL ID for future reference.
- Edit the Network ACL: Click on the NACL ID to open the details of the Network ACL.
- Add a Logging Configuration: In the Network ACL details, locate the “Network ACL entries” section and click on the “Edit” button.
- Enable Logging: In the Network ACL entries configuration, find the outbound and inbound rules that you want to enable logging for. Click on each rule and check the box for “Log” to enable logging for that rule.
- Save the Changes: After enabling logging for the necessary rules, click on the “Save” button to apply the changes to the Network ACL.
- Verify the Configuration: Once the changes are saved, verify that the Network Firewall Logging is enabled for the selected rules by checking the “Log” column in the Network ACL entries.
Using CLI
Using CLI
To remediate the misconfiguration of network firewall logging not being enabled for AWS EC2 instances using AWS CLI, follow these steps:Replace Replace
- Enable VPC Flow Logs: VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC. Run the following AWS CLI command to enable VPC Flow Logs for your VPC:
<your-vpc-id> with the ID of your VPC, <your-log-group-name> with the name of the CloudWatch Logs group where the flow logs will be stored, and <your-iam-role-arn> with the ARN of the IAM role that has permission to publish logs to CloudWatch Logs.- Enable Security Group Logging: Security Group Logs provide detailed information about the traffic allowed or denied by security groups associated with your EC2 instances. Run the following AWS CLI command to enable security group logging:
<your-network-interface-id> with the ID of the network interface associated with your EC2 instance.- Verify Configuration: Once you have enabled VPC Flow Logs and Security Group Logs, verify that the logs are being generated and stored in the specified CloudWatch Logs group. You can do this by checking the CloudWatch Logs console or by using the AWS CLI to query the logs.
Using Python
Using Python
To remediate the network firewall logging misconfiguration for AWS EC2 using Python, you can follow these steps:Replace the By following these steps, you can use Python to enable network firewall logging for AWS EC2 instances.
- Import the necessary libraries:
- Initialize the AWS EC2 client:
- Enable VPC Flow Logs for the desired VPC:
DeliverLogsPermissionArn, ResourceIds, and LogDestination with your specific values.- Verify that the VPC Flow Logs have been enabled successfully: