WAF web ACLs should have at least one rule or rule group

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control verifies that an AWS WAFV2 web access control list (web ACL) includes at least one rule or rule group. The control is considered non-compliant if a web ACL lacks any rules or rule groups.

A web ACL provides detailed control over all HTTP(S) web requests to your protected resource. It should include a set of rules and rule groups that examine and manage web requests. If a web ACL is empty, web traffic might pass through without being inspected or managed by AWS WAF, depending on the default action.

Please note that AWS WAF Classic ACLs are not evaluated by this control.

Remediation

For guidance on adding rules or rule groups to WAFV2 web ACLs, please refer to the Editing a web ACL section in the AWS WAF User Guide.

PREVIEWING: may/unit-testing