There are a few troubleshooting steps in the documentation.
Can you check the CloudWatch / Events & Logs to see where it's breaking? That can help narrow down the issue as well.
So, according to a recent chat with AWS support on this issue, it looks like logging must be enabled at the same time the web ACL or the security policy is being created. The order matters so the associated permissions can be created accordingly. Enabling logging after the ACL/policy is created will not send any logs.
AWS needs to indicate the proper steps for enabling logging after the ACLs have already been created, unless this is a bug.