ALB Is Not Integrated With WAF

  • Query id: 0afa6ab8-a047-48cf-be07-93a2f8c34cf7
  • Query name: ALB Is Not Integrated With WAF
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

All Application Load Balancers (ALB) must be protected with the Web Application Firewall (WAF) service.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_alb" "foo" {
  internal = false
  subnets  = [aws_subnet.foo.id, aws_subnet.bar.id]
}

resource "aws_wafregional_web_acl_association" "foo_waf" {
  # Points at aws_alb.fooooo, not aws_alb.foo, so the ALB "foo" above has no WAF association
  resource_arn = aws_alb.fooooo.arn
  web_acl_id   = aws_wafregional_web_acl.foo.id
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_alb" "foo33" {
  internal = false
  subnets  = [aws_subnet.foo.id, aws_subnet.bar.id]
}

resource "aws_wafregional_web_acl_association" "foo_waf33" {
  resource_arn = aws_alb.foo33.arn
  web_acl_id   = aws_wafregional_web_acl.foo.id
}
# trigger validation
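
The check described above, as an added example that is not the query's own implementation: a small Python scanner that lists every aws_alb with no aws_wafregional_web_acl_association pointing at it. The function names and the regex-based parsing are assumptions made for illustration; the two inputs are the samples from this page, embedded inline.

```python
import re

# Constructed inputs: the two samples from this page, embedded inline.
POSITIVE = '''
resource "aws_alb" "foo" {
  internal = false
  subnets  = [aws_subnet.foo.id, aws_subnet.bar.id]
}
resource "aws_wafregional_web_acl_association" "foo_waf" {
  resource_arn = aws_alb.fooooo.arn
  web_acl_id   = aws_wafregional_web_acl.foo.id
}
'''
NEGATIVE = '''
resource "aws_alb" "foo33" {
  internal = false
  subnets  = [aws_subnet.foo.id, aws_subnet.bar.id]
}
resource "aws_wafregional_web_acl_association" "foo_waf33" {
  resource_arn = aws_alb.foo33.arn
  web_acl_id   = aws_wafregional_web_acl.foo.id
}
'''
BLOCK = re.compile(r'resource\s+"(\w+)"\s+"([\w-]+)"\s*\{')
ARN_REF = re.compile(r'resource_arn\s*=\s*aws_alb\.([\w-]+)\.arn')

def blocks(hcl):
    """Yield (type, name, body) per resource block, matching nested braces."""
    for m in BLOCK.finditer(hcl):
        depth, i = 1, m.end()
        while depth and i < len(hcl):
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), m.group(2), hcl[m.end():i - 1]

def albs_without_waf(hcl):
    """Names of aws_alb resources that no WAF association points at."""
    hcl = re.sub(r'(?m)^\s*(#|//).*$', '', hcl)  # ignore commented-out lines
    albs, covered = [], set()
    for rtype, name, body in blocks(hcl):
        if rtype == "aws_alb":
            albs.append(name)
        elif rtype == "aws_wafregional_web_acl_association":
            covered.update(ARN_REF.findall(body))
    return [a for a in albs if a not in covered]

if __name__ == "__main__":
    print(albs_without_waf(POSITIVE), albs_without_waf(NEGATIVE))
```

The scanner only sees direct aws_alb.<name>.arn references in the text it is given; associations built through modules, variables or for_each need the evaluated plan instead.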