Ensure public-facing ALBs are protected by AWS Web Application Firewall v2 (AWS WAFv2)

Error: Application Load Balancer (ALB) not configured with AWS Web Application Firewall v2 (AWS WAFv2)

Bridgecrew Policy ID: BC_AWS_NETWORKING_58
Checkov Check ID: CKV2_AWS_28
Severity: MEDIUM

Description

AWS WAF is a web application firewall service that helps protect your web applications from common web exploits that could affect your application's availability, integrity, or confidentiality.

By attaching AWS WAF to your public-facing ALBs, you can create rules that block or allow requests based on their characteristics, such as the source IP address, the HTTP method, or the values of specific headers. This helps protect your application from common web exploits such as SQL injection, cross-site scripting, and other kinds of malicious traffic.

Fix - Buildtime

Terraform

# Public-facing ALB: internal = false is what makes this check apply.
resource "aws_lb" "lb_good_1" {
  internal = false
}

# WAF Classic (regional) association binding a web ACL to the ALB.
# The WAFv2 equivalent is aws_wafv2_web_acl_association, which takes web_acl_arn instead of web_acl_id.
resource "aws_wafregional_web_acl_association" "foo" {
  resource_arn = aws_lb.lb_good_1.arn
  web_acl_id   = aws_wafregional_web_acl.foo.id
}
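The same fix expressed with WAFv2, as an added example that is not part of the original page: a REGIONAL web ACL with an AWS managed rule group, associated with a public-facing ALB. The resource names (lb_public, waf_public) and the referenced security group and subnets are assumed.

```hcl
# Added example, not from the page: WAFv2 ACL bound to a public ALB; resource names are assumed.
resource "aws_lb" "lb_public" {
  internal           = false  # public facing, which is what the check keys on
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]                       # assumed to exist
  subnets            = [aws_subnet.public_a.id, aws_subnet.public_b.id]  # assumed to exist
}

resource "aws_wafv2_web_acl" "waf_public" {
  name  = "public-alb-waf"
  scope = "REGIONAL"  # ALB needs REGIONAL; CLOUDFRONT scope only works with CloudFront
  default_action {
    allow {}
  }
  # AWS managed baseline group covering common web exploits (e.g. XSS patterns)
  rule {
    name     = "AWSManagedRulesCommonRuleSet"
    priority = 1
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "common-rule-set"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "public-alb-waf"
    sampled_requests_enabled   = true
  }
}

# The association is what satisfies the check: the ACL ARN bound to the ALB ARN.
resource "aws_wafv2_web_acl_association" "waf_public" {
  resource_arn = aws_lb.lb_public.arn
  web_acl_arn  = aws_wafv2_web_acl.waf_public.arn
}
```

Running checkov against this configuration reports CKV2_AWS_28 as passed for lb_public because the ALB is connected to a web ACL association.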