Control: WAF web ACLs should have rules with actions
Description
Ensure all rules in WAF web ACLs have actions defined.
Usage
Run the control in your terminal:
    powerpipe control run terraform_aws_compliance.control.waf_web_acl_rule_with_action
Snapshot and share results via Turbot Pipes:
    powerpipe login
    powerpipe control run terraform_aws_compliance.control.waf_web_acl_rule_with_action --share
SQL
This control uses a named query:
    with rules_without_action as (
      select
        address as name
      from
        terraform_resource,
        jsonb_array_elements(
          case jsonb_typeof(attributes_std -> 'rules')
            when 'array' then (attributes_std -> 'rules')
            else null end
        ) as r
      where
        ( r -> 'action' is null or (r -> 'action' = '{}'))
        and type = 'aws_waf_web_acl'
    )
    select
      r.address as resource,
      case
        when (jsonb_typeof(attributes_std -> 'rules') = 'array') and a.name is null then 'ok'
        when (jsonb_typeof(attributes_std -> 'rules') = 'array') and a.name is not null then 'alarm'
        when (attributes_std -> 'rules' ->> 'action') is not null then 'ok'
        else 'alarm'
      end as status,
      split_part(r.address, '.', 2) || case
        when (jsonb_typeof(attributes_std -> 'rules') = 'array') and a.name is null then ' has all rules with action attached'
        when (jsonb_typeof(attributes_std -> 'rules') = 'array') and a.name is not null then ' has rules with no action attached'
        when (attributes_std -> 'rules' ->> 'action') is not null then ' has rule with action attached'
        else ' has rules with no action attached'
      end || '.' reason
      , path || ':' || start_line
    from
      terraform_resource as r
      left join rules_without_action as a on a.name = r.address
    where
      r.type = 'aws_waf_web_acl';
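The Terraform below is an added example, not part of the original page or the mod's own code. It shows one aws_waf_web_acl resource the query above should report as ok and one it should report as alarm. Resource names, metric names and rule IDs are constructed placeholders.

```hcl
# Constructed example: names, metric names and rule IDs are placeholders.

# Expected status "ok": the single rules block carries an action.
resource "aws_waf_web_acl" "compliant" {
  name        = "exampleCompliantACL"
  metric_name = "exampleCompliantACL"

  default_action {
    type = "ALLOW"
  }

  rules {
    priority = 1
    rule_id  = "example-rule-id-1"
    type     = "REGULAR"

    action {
      type = "BLOCK"
    }
  }
}

# Expected status "alarm": the second rules block has no action, so the
# reason reads "non_compliant has rules with no action attached."
resource "aws_waf_web_acl" "non_compliant" {
  name        = "exampleNonCompliantACL"
  metric_name = "exampleNonCompliantACL"

  default_action {
    type = "ALLOW"
  }

  rules {
    priority = 1
    rule_id  = "example-rule-id-1"
    type     = "REGULAR"

    action {
      type = "BLOCK"
    }
  }

  rules {
    priority = 2
    rule_id  = "example-rule-id-2"
    type     = "REGULAR"
    # No action block: this is what the control flags.
  }
}
```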