Control: Network Firewall logging should be enabled
Description
This control checks whether logging is enabled for an AWS Network Firewall firewall. The control fails if logging isn't enabled for at least one log type or if the logging destination doesn't exist.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.networkfirewall_firewall_logging_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.networkfirewall_firewall_logging_enabled --shareSQL
This control uses a named query:
select arn as resource, case when jsonb_array_length(logging_configuration) > 0 then 'ok' else 'alarm' end status, case when jsonb_array_length(logging_configuration) > 0 then title || ' logging enabled.' else title || ' logging disabled.' end reason , region, account_idfrom aws_networkfirewall_firewall;