Amazon WAF policy findings - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced

Amazon WAF policy findings

You can use Firewall Manager Amazon WAF policies to apply Amazon WAF rule groups to your resources in Amazon Organizations. For more information, see Working with Amazon Firewall Manager policies.

Resource is missing Firewall Manager managed web ACL.

An Amazon resource doesn't have the Amazon Firewall Manager managed web ACL association in accordance with the Firewall Manager policy. You can enable Firewall Manager remediation on the policy to correct this.

  • Severity – 80

  • Status settings – PASSED/FAILED

  • Updates – If Firewall Manager performs the remediation action, it updates the finding and lowers the severity from HIGH to INFORMATIONAL. If you perform the remediation yourself, Firewall Manager does not update the finding.

Firewall Manager managed web ACL has misconfigured rule groups.

The rule groups in a web ACL that's managed by Firewall Manager are not configured correctly, according to the Firewall Manager policy. This means that the web ACL is missing the rule groups that the policy requires. You can enable Firewall Manager remediation on the policy to correct this.

  • Severity – 80

  • Status settings – PASSED/FAILED

  • Updates – If Firewall Manager performs the remediation action, it updates the finding and lowers the severity from HIGH to INFORMATIONAL. If you perform the remediation yourself, Firewall Manager does not update the finding.
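
The following triage sketch is an added example, not code from the Amazon documentation. It assumes the two findings above have been exported as AWS Security Finding Format (ASFF) records with the `Title`, `Severity`, `Compliance.Status`, and `Resources` fields; the sample records, ARNs, and account ID are constructed placeholders.

```python
# Finding titles as listed on this page; the trailing period is dropped for matching.
WAF_POLICY_TITLES = {
    "resource is missing firewall manager managed web acl",
    "firewall manager managed web acl has misconfigured rule groups",
}

def normalize(title):
    return title.strip().rstrip(".").casefold()

def triage(findings):
    """Return {"open": [...], "resolved": [...]} of (resource_id, title, severity_label).

    open     -> status FAILED. Firewall Manager only updates findings that it
                remediated itself, so a resource you fixed by hand can still be
                listed here and has to be verified against the policy manually.
    resolved -> status PASSED.
    """
    buckets = {"open": [], "resolved": []}
    for finding in findings:
        if normalize(finding.get("Title", "")) not in WAF_POLICY_TITLES:
            continue  # not one of the two WAF policy findings
        status = finding.get("Compliance", {}).get("Status")
        bucket = {"FAILED": "open", "PASSED": "resolved"}.get(status)
        if bucket is None:
            continue  # unexpected status value; leave for manual review
        label = finding.get("Severity", {}).get("Label", "UNKNOWN")
        for resource in finding.get("Resources", []):
            buckets[bucket].append((resource["Id"], finding["Title"], label))
    return buckets

# Constructed sample findings (not real data); ARNs and account ID are placeholders.
ALB = "arn:aws-cn:elasticloadbalancing:cn-north-1:111122223333:loadbalancer/app/example-alb/0123456789abcdef"
ACL = "arn:aws-cn:wafv2:cn-north-1:111122223333:regional/webacl/example-fms-acl/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"Title": "Resource is missing Firewall Manager managed web ACL.",
     "Severity": {"Label": "HIGH", "Normalized": 80},
     "Compliance": {"Status": "FAILED"}, "Resources": [{"Id": ALB}]},
    {"Title": "Firewall Manager managed web ACL has misconfigured rule groups.",
     "Severity": {"Label": "INFORMATIONAL", "Normalized": 0},
     "Compliance": {"Status": "PASSED"}, "Resources": [{"Id": ACL}]},
    {"Title": "Unrelated finding", "Severity": {"Label": "LOW"},
     "Compliance": {"Status": "FAILED"}, "Resources": [{"Id": ALB}]},
]

if __name__ == "__main__":
    for state, rows in triage(SAMPLE).items():
        for resource_id, title, label in rows:
            print(f"{state:8} {label:13} {resource_id}  {title}")
```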