aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Lambda LogParser Log group does not exist #183

Closed michaelasper closed 3 years ago

michaelasper commented 3 years ago

Have been trying to get into the logs for the parser; clicking view logs in CloudWatch within the Lambda page brings:

An error occurred while describing log streams.
The specified log group does not exist.

Log group does not exist
The specific log group: /aws/lambda/sandbox-test-waf-LogParser-XXXXXXX does not exist in this account or region.

To Reproduce: Ran the playbook; the WAF automation seems to be functioning otherwise and other log groups are created.

Expected behavior: Presumably, a log group is created and viewable.

Please complete the following information about the solution:

  ActivateAWSManagedRulesParam = "yes"
  ActivateBadBotProtectionParam = "yes"
  ActivateCrossSiteScriptingProtectionParam = "yes"
  ActivateHttpFloodProtectionParam = "yes - AWS WAF rate based rule"
  ActivateReputationListsProtectionParam = "yes"
  ActivateScannersProbesProtectionParam = "yes - AWS Lambda log parser"
  ActivateSqlInjectionProtectionParam = "yes"
  AppAccessLogBucket = "xxxxxx"
  EndpointType = "ALB"
  ErrorThreshold = "50"
  KeepDataInOriginalS3Location = "Yes"
  RequestThreshold = "100"
  WAFBlockPeriod = "240"

EDIT: presumably when the Lambda is run once it would've created the group, but I'm able to trigger flood attacks and get IP banned with `hey`, and no logs are appearing anywhere.

michaelasper commented 3 years ago

OK, it was my mistake here.

The ALB bucket I assumed was doing different things, but after fixing that, everything is working fine.