MEDIUM
Source
CloudSploit
ID
elbv2-waf-enabled

ELBv2 WAF Enabled

Ensure that all Application Load Balancers have WAF enabled.

Enabling WAF allows control over requests to the load balancer, allowing or denying traffic based off rules in the Web ACL

  1. Enter the WAF service. 2. Enter Web ACLs and filter by the region the Application Load Balancer is in. 3. If no Web ACL is found, Create a new Web ACL in the region the ALB resides and in Resource type to associate with web ACL, select the Load Balancer.