Network Firewall policies should have at least one associated rule group

Description

This control checks whether a Network Firewall policy has at least one stateful or stateless rule group associated with it.

A firewall policy dictates how traffic is monitored and managed within an Amazon Virtual Private Cloud (Amazon VPC). Configuring stateful and stateless rule groups enables packet filtering, regulates traffic flow, and establishes default traffic handling rules.
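The check described above can be reproduced offline against firewall policy descriptions. The following is an added example, not Datadog's or AWS's own rule code; it assumes input shaped like the output of the AWS CLI command `aws network-firewall describe-firewall-policy`, and the policy names, account ID and ARN are constructed.

```python
# Constructed samples shaped like DescribeFirewallPolicy output;
# names, account ID and ARNs are made up for illustration.
SAMPLE_RESPONSES = [
    {
        "FirewallPolicyResponse": {"FirewallPolicyName": "example-empty-policy"},
        "FirewallPolicy": {
            "StatelessDefaultActions": ["aws:pass"],
            "StatelessFragmentDefaultActions": ["aws:pass"],
        },
    },
    {
        "FirewallPolicyResponse": {"FirewallPolicyName": "example-stateful-policy"},
        "FirewallPolicy": {
            "StatelessDefaultActions": ["aws:forward_to_sfe"],
            "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
            "StatefulRuleGroupReferences": [
                {"ResourceArn": "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/example-rules"}
            ],
        },
    },
    {
        "FirewallPolicyResponse": {"FirewallPolicyName": "example-empty-lists"},
        "FirewallPolicy": {
            "StatelessDefaultActions": ["aws:drop"],
            "StatelessFragmentDefaultActions": ["aws:drop"],
            "StatelessRuleGroupReferences": [],
            "StatefulRuleGroupReferences": [],
        },
    },
]

def evaluate_policy(response):
    """Return a finding dict for one DescribeFirewallPolicy-style response."""
    name = response.get("FirewallPolicyResponse", {}).get("FirewallPolicyName", "<unknown>")
    policy = response.get("FirewallPolicy") or {}
    # Either key may be absent or an empty list; both mean no rule group is attached.
    stateless = len(policy.get("StatelessRuleGroupReferences") or [])
    stateful = len(policy.get("StatefulRuleGroupReferences") or [])
    return {
        "policy": name,
        "status": "PASS" if stateless + stateful >= 1 else "FAIL",
        "stateless_groups": stateless,
        "stateful_groups": stateful,
        # With no rule groups, the policy's default actions are all that handle traffic.
        "stateless_default_actions": policy.get("StatelessDefaultActions", []),
    }

def failing_policies(responses):
    """Names of policies with no stateless and no stateful rule group."""
    return [f["policy"] for f in map(evaluate_policy, responses) if f["status"] == "FAIL"]
```

A policy fails whether the rule group keys are missing or present but empty, so both shapes are covered in the samples.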

Remediation

For guidance on configuring firewall logging, refer to the Firewall policy settings in AWS Network Firewall section of the AWS Network Firewall Developer Guide.