# fms-webacl-resource-policy-check
<a name="fms-webacl-resource-policy-check"></a>

**Note**  
This rule is currently in the deprecation process. We do not recommend that you use them directly.

Checks if the web ACL is associated with an Application Load Balancer, API Gateway stage, or Amazon CloudFront distributions. When Amazon Firewall Manager creates this rule, the FMS policy owner specifies the `WebACLId` in the FMS policy and can optionally enable remediation.



**Identifier:** FMS\_WEBACL\_RESOURCE\_POLICY\_CHECK

**Resource Types:** AWS::CloudFront::Distribution, AWS::ApiGateway::Stage, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::WAFRegional::WebACL

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

webACLIdType: String  
The WebACLId of the web ACL.

resourceTags (Optional)Type: String  
The resource tags (ApplicationLoadBalancer, ApiGatewayStage and CloudFront distributions) that the rule should be associated with. (for example, { "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] })

excludeResourceTags (Optional)Type: boolean  
If true, exclude resources that match resourceTags.

fmsManagedToken (Optional)Type: String  
A token generated by Amazon Firewall Manager when creating the rule in customer account. Amazon Config ignores this parameter when customer creates this rule.

fmsRemediationEnabled (Optional)Type: boolean  
If true, Amazon Firewall Manager will update non-compliant resources according to FMS policy. Amazon Config ignores this parameter when customer creates this rule.

## Amazon CloudFormation template
<a name="w2aac20c16c17b7d837c21"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).