If you are using AWS WAF, it is important to ensure it meets your security requirements. AWS WAF is the AWS managed Web Application Firewall. It aims to protect web applications from common web exploits. Typically, a Regional WAF is attached to an ALB to protect the application against web attacks. We used to allow customers to validate that an AWS WAF ACL is attached to CloudFront. Now we have added Regional WAF as a stand-alone entity to reason about.
You can now check directly whether an ALB has a WAF attached. It is also added as an attribute on ALB, so you can fully reason about this within the Dome9 Compliance Engine.
Below are a few queries you could use to analyze the WAFs in your infrastructure:
1. Make sure that the total number of WAFs in an account is 1, so that a single WAF configuration is applied
List<WAFRegional> should have items groupBy [region] length() = 1
2. Make sure that ALB is protected by a WAF
ApplicationLoadBalancer should have webACLId
3. Validate that a Regional WAF exists in Oregon region
WAFRegional should have region = 'us_west_2'
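As an added illustration (not Dome9 code, and not the Compliance Engine's evaluator), the three checks above can be expressed as plain Python functions over a small inventory. The inventory format, the sample data and the optional boto3 collector (which assumes the WAF Classic `waf-regional` and `elbv2` APIs, since `webACLId` is a WAF Classic attribute) are assumptions of this example; the rule functions themselves run offline.

```python
"""Evaluate the three Regional WAF checks from the post over an inventory.

Inventory format (constructed for this example, not the Dome9 data model):
  wafs: list of {"region": str, "name": str}
  albs: list of {"name": str, "region": str, "webACLId": str | None}
Regions use AWS API codes ("us-west-2"), not the GSL form ("us_west_2").
"""
from collections import Counter


def one_waf_per_region(wafs):
    """Rule 1: for each region holding a Regional WAF, is the count exactly 1?"""
    counts = Counter(w["region"] for w in wafs)
    return {region: n == 1 for region, n in counts.items()}


def unprotected_albs(albs):
    """Rule 2: names of ALBs that have no webACLId attached."""
    return [a["name"] for a in albs if not a.get("webACLId")]


def waf_exists_in_region(wafs, region="us-west-2"):
    """Rule 3: at least one Regional WAF exists in the given region (Oregon by default)."""
    return any(w["region"] == region for w in wafs)


def collect_inventory(regions):
    """Optional live collector; assumes boto3 and the WAF Classic regional API.
    boto3 is imported lazily so the rule functions above need no AWS access.
    Pagination (NextMarker) is omitted for brevity."""
    import boto3
    wafs, albs = [], []
    for region in regions:
        waf = boto3.client("waf-regional", region_name=region)
        for acl in waf.list_web_acls()["WebACLs"]:
            wafs.append({"region": region, "name": acl["Name"]})
        elb = boto3.client("elbv2", region_name=region)
        for lb in elb.describe_load_balancers()["LoadBalancers"]:
            if lb["Type"] != "application":
                continue  # only ALBs can carry a Regional WAF association
            assoc = waf.get_web_acl_for_resource(ResourceArn=lb["LoadBalancerArn"])
            acl_id = assoc.get("WebACLSummary", {}).get("WebACLId")  # absent if none
            albs.append({"name": lb["LoadBalancerName"], "region": region, "webACLId": acl_id})
    return wafs, albs


# Constructed sample inventory: one WAF in Oregon, two in Virginia, one bare ALB.
SAMPLE_WAFS = [{"region": "us-west-2", "name": "prod-acl"},
               {"region": "us-east-1", "name": "acl-a"},
               {"region": "us-east-1", "name": "acl-b"}]
SAMPLE_ALBS = [{"name": "web-alb", "region": "us-west-2", "webACLId": "example-acl-id"},
               {"name": "legacy-alb", "region": "us-east-1", "webACLId": None}]
```

Running the rules over the sample flags us-east-1 for holding two WAFs and lists `legacy-alb` as unprotected, mirroring what queries 1 and 2 would report.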
Stay tuned for further updates!