This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
The WafLogBucket resource for the HttpFloodProtectionLogParser option is not encrypted by default, resulting in a bucket with WAF logs and Athena result sets in the clear.
The
WafLogBucket
resource for theHttpFloodProtectionLogParser
option is not encrypted by default, resulting in a bucket with WAF logs and Athena result sets in the clear.https://github.com/awslabs/aws-waf-security-automations/blob/e504013c87bde6d6af434097f0c1147a4c1f86c0/deployment/aws-waf-security-automations.template#L357-L368
Adding AES256 encryption as minimum encryption level (I imagine KMS implementations differ per user) min upcoming PR.