aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

WafLogBucket not encrypted in template #109

Closed aldegoeij closed 4 years ago

aldegoeij commented 4 years ago

The WafLogBucket resource for the HttpFloodProtectionLogParser option is not encrypted by default, resulting in a bucket with WAF logs and Athena result sets in the clear.

https://github.com/awslabs/aws-waf-security-automations/blob/e504013c87bde6d6af434097f0c1147a4c1f86c0/deployment/aws-waf-security-automations.template#L357-L368

Adding AES256 encryption as the minimum encryption level (I imagine KMS implementations differ per user) in an upcoming PR.
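A check for the gap described in this issue, as an added example that is not part of the original thread or the project's code: it scans a CloudFormation template (in JSON form) for `AWS::S3::Bucket` resources that declare no default `BucketEncryption`. The sample template is constructed; `EncryptedLogBucket` and `LogParser` are hypothetical resource names, and only `WafLogBucket` is named in the issue.

```python
import json

# Constructed sample: a minimal CloudFormation template in JSON form, not the
# project's real template. "WafLogBucket" mirrors the resource named in the
# issue; "EncryptedLogBucket" is a hypothetical variant using SSE-S3 (AES256).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "WafLogBucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"AccessControl": "Private"}},
  "EncryptedLogBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
  "LogParser": {"Type": "AWS::Lambda::Function", "Properties": {}}
}}
""")

VALID_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def default_encryption(resource):
    """Return the bucket's default SSE algorithm, or None if none is declared."""
    props = resource.get("Properties") or {}
    rules = (props.get("BucketEncryption") or {}).get(
        "ServerSideEncryptionConfiguration") or []
    for rule in rules:
        algo = (rule.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
        if isinstance(algo, dict):
            # Ref / Fn::* intrinsic: a value is set but cannot be resolved offline.
            return "unresolved"
        if isinstance(algo, str) and algo in VALID_ALGORITHMS:
            return algo
    return None


def unencrypted_buckets(template):
    """List logical IDs of S3 buckets declared without default encryption."""
    return sorted(
        name for name, res in (template.get("Resources") or {}).items()
        if res.get("Type") == "AWS::S3::Bucket" and default_encryption(res) is None
    )


if __name__ == "__main__":
    for name in unencrypted_buckets(SAMPLE_TEMPLATE):
        print(f"{name}: no default BucketEncryption declared")
```
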

georgebearden commented 4 years ago

This should have been addressed in the latest update to this solution. Please let us know if you need additional assistance around this.