A config rule that checks that the rule groups associate with the web ACL at the correct priority. The correct priority is decided by the rank of the rule groups in the ruleGroups parameter. When AWS Firewall Manager creates this rule, it assigns the highest priority 0 followed by 1, 2, and so on. The FMS policy owner specifies the ruleGroups rank in the FMS policy and can optionally enable remediation.

 
Tags
Firewall Manager
Items
1
Size
0.8 KB
Missing Parameters
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: fms-webacl-rulegroup-association-check
      Description: >-
        A config rule that checks that the rule groups associate with the web
        ACL at the correct priority. The correct priority is decided by the rank
        of the rule groups in the ruleGroups parameter. When AWS Firewall
        Manager creates this rule, it assigns the h...
      InputParameters: {}
      Scope:
        ComplianceResourceTypes:
          - 'AWS::WAF::WebACL'
          - 'AWS::WAFRegional::WebACL'
      Source:
        Owner: AWS
        SourceIdentifier: FMS_WEBACL_RULEGROUP_ASSOCIATION_CHECK
Parameters: {}
Metadata: {}
Conditions: {}

Customize Cf Template

Rule Parameters

 
* Required field