By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

CloudTrail Not Logging All WAFv2 Events

0

I'm not sure if this is a bug or not. Over the last few days, I've created several Web ACLs and deleted several as well. I've also disassociated Web ACLs several times. When looking through my CloudTrail logs (I searched across all regions), I see most CloudTrail API calls except for:

  • AssociateWebACL
  • DisassociateWebACL

even though I know for sure I did this action several times.

The reason I was interested in this is that by default if you remove a Web ACL from a resource by adding another one, it does not warn you and I wanted to create a CloudWatch Event Rule to notify if this happens. And according to the documentation, DisassociateWebACL is an API call: https://docs.aws.amazon.com/waf/latest/APIReference/API_DisassociateWebACL.html

Any ideas? Thanks.

Topics
Security, Identity, & Compliance
Tags
AWS WAF
Language
English
ossie
asked 3 years ago572 views
1 Answer
0

Oops. After re-reading the documentation, it will only issue the above APIs for region-level resources and not for CloudFront distributions. Thanks

ossie
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content