Control: CloudFront distributions should have AWS WAF enabled
Description
This control checks whether CloudFront distributions are associated with either AWS WAF or AWS WAFv2 web ACLs. The control fails if the distribution is not associated with a web ACL.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cloudfront_distribution_waf_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.cloudfront_distribution_waf_enabled --shareSQL
This control uses a named query:
select arn as resource, case when web_acl_id <> '' then 'ok' else 'alarm' end as status, case when web_acl_id <> '' then title || ' associated with WAF.' else title || ' not associated with WAF.' end as reason , region, account_idfrom aws_cloudfront_distribution;