Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “ELB Should Have WAF Enabled” in AWS using the AWS console, follow the steps below:
- Login to the AWS console.
- Navigate to the EC2 dashboard.
- Click on the Load Balancers option from the left-hand menu.
- Select the ELB for which you want to enable the WAF.
- Click on the Listeners tab.
- Click on the Edit button next to the listener for which you want to enable the WAF.
- In the Edit Listener dialog box, click on the Add Rule button.
- Select the AWS WAF option from the dropdown menu.
- Choose the WebACL that you want to associate with the ELB.
- Click on the Save button to save the changes.
Using CLI
To remediate the misconfiguration of ELB not having WAF enabled in AWS using AWS CLI, follow the steps below:
- Open AWS CLI on your local machine and run the following command to list all the AWS Elastic Load Balancers:
- From the response, identify the ARN of the ELB that you want to enable WAF for.
- Run the following command to create an AWS WAF WebACL:
Note: Replace “MyWebACL” with a name of your choice for the WebACL.
- From the response, note down the ARN of the newly created WebACL.
- Run the following command to associate the WebACL with the ELB:
Note: Replace the WebACL ARN and ELB ARN with the ARNs that you noted down in the previous steps.
- Finally, verify that the WAF is enabled for the ELB by running the following command:
Note: Replace the ELB ARN with the ARN of the ELB that you enabled WAF for.
Once you have completed these steps, WAF will be enabled for the specified ELB in your AWS environment.
Using Python
To remediate the misconfiguration of ELB not having WAF enabled in AWS using Python, follow these steps:
Note: This code is just an example. You may need to modify it according to your specific requirements.
- Import the necessary libraries:
- Create a boto3 client for AWS WAF:
- Create a boto3 client for AWS ELB:
- Get a list of all the ELBs in the region:
- Loop through each ELB and check if WAF is enabled:
- If WAF is not enabled for an ELB, create a new web ACL, add a rule to it, and associate it with the ELB.
- The final code will look like this:
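An added worked example of the steps above (not the page's own code) using the current boto3 `elbv2` and `wafv2` clients; it assumes the load balancers are Application Load Balancers, since AWS WAF cannot be attached to Network, Gateway or classic load balancers, and the `FakeAws` class is a constructed stand-in so the logic runs without AWS credentials.

```python
try:
    import boto3  # only needed for a real AWS run; the offline stand-in below works without it
except ImportError:
    boto3 = None

# Single rule for the new web ACL: AWS's managed Common Rule Set (a real managed rule group name).
COMMON_RULES = [{
    "Name": "AWSManagedRulesCommonRuleSet", "Priority": 0, "OverrideAction": {"None": {}},
    "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
    "VisibilityConfig": {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": "common"},
}]

def unprotected_albs(elbv2, wafv2):
    """Return ARNs of application load balancers that have no web ACL associated."""
    arns = []
    for lb in elbv2.describe_load_balancers()["LoadBalancers"]:  # pagination omitted for brevity
        # WAF attaches only to ALBs (NLB, GWLB and classic ELB are skipped); the real API omits
        # the "WebACL" key when nothing is associated, so .get() is the check.
        if lb["Type"] == "application" and not wafv2.get_web_acl_for_resource(
                ResourceArn=lb["LoadBalancerArn"]).get("WebACL"):
            arns.append(lb["LoadBalancerArn"])
    return arns

def remediate(elbv2, wafv2, acl_name="MyWebACL"):
    """Create one regional web ACL (only if needed) and associate it with each unprotected ALB."""
    targets = unprotected_albs(elbv2, wafv2)
    if not targets:
        return []
    acl_arn = wafv2.create_web_acl(
        Name=acl_name, Scope="REGIONAL", DefaultAction={"Allow": {}}, Rules=COMMON_RULES,
        VisibilityConfig={"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": acl_name},
    )["Summary"]["ARN"]
    for arn in targets:
        wafv2.associate_web_acl(WebACLArn=acl_arn, ResourceArn=arn)
    return targets

class FakeAws:
    """Constructed stand-in for both boto3 clients so the logic can be exercised offline."""
    def __init__(self, lbs):
        self.lbs, self.assoc = lbs, {}
    def describe_load_balancers(self):
        return {"LoadBalancers": self.lbs}
    def get_web_acl_for_resource(self, ResourceArn):
        return {"WebACL": {"ARN": self.assoc[ResourceArn]}} if ResourceArn in self.assoc else {}
    def create_web_acl(self, **kw):
        return {"Summary": {"ARN": f"arn:aws:wafv2:us-east-1:123456789012:regional/webacl/{kw['Name']}/fake"}}
    def associate_web_acl(self, WebACLArn, ResourceArn):
        self.assoc[ResourceArn] = WebACLArn

if __name__ == "__main__" and boto3:  # real run: needs credentials plus wafv2 and elasticloadbalancing permissions
    print(remediate(boto3.client("elbv2"), boto3.client("wafv2")))
```

Running `remediate` a second time returns an empty list, which is the same check the CLI section's final verification step performs: an ALB that already has a web ACL is left alone.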