Network Firewall stateless rule groups should not be empty


Description

This control verifies whether an AWS Network Firewall stateless rule group includes at least one rule.

A rule group contains rules that define how the firewall handles traffic within your VPC. An empty stateless rule group attached to a firewall policy can give the impression that it processes traffic, but with no rules defined it has no effect.
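One way to run this check against `DescribeRuleGroup` responses, as an added example (not code from this page or from AWS). The status labels, function names and sample rule groups are constructed for illustration; `collect_live` assumes boto3 and AWS credentials and is not needed for the offline evaluation.

```python
def evaluate_rule_group(response):
    """Classify one DescribeRuleGroup response (status labels are assumed)."""
    if response.get("RuleGroupResponse", {}).get("Type") != "STATELESS":
        return "NOT_APPLICABLE"  # the control only covers stateless groups
    source = (response.get("RuleGroup") or {}).get("RulesSource") or {}
    stateless = source.get("StatelessRulesAndCustomActions") or {}
    # Custom actions alone do not count: only StatelessRules match traffic.
    return "PASSED" if stateless.get("StatelessRules") else "FAILED"


def find_empty_stateless_groups(responses):
    """Return the names of stateless rule groups that contain no rules."""
    return sorted(r["RuleGroupResponse"]["RuleGroupName"]
                  for r in responses if evaluate_rule_group(r) == "FAILED")


def collect_live(region):
    """Fetch every stateless rule group in a region (needs boto3 + credentials)."""
    import boto3  # imported lazily so the evaluation above runs offline
    client = boto3.client("network-firewall", region_name=region)
    pages = client.get_paginator("list_rule_groups").paginate(Type="STATELESS")
    return [client.describe_rule_group(RuleGroupArn=rg["Arn"])
            for page in pages for rg in page["RuleGroups"]]


# Constructed sample responses, trimmed to the fields the check reads.
SAMPLE_RESPONSES = [
    {"RuleGroupResponse": {"RuleGroupName": "example-empty", "Type": "STATELESS"},
     "RuleGroup": {"RulesSource": {"StatelessRulesAndCustomActions": {
         "StatelessRules": [],
         "CustomActions": [{"ActionName": "example-metric", "ActionDefinition": {
             "PublishMetricAction": {"Dimensions": [{"Value": "example"}]}}}]}}}},
    {"RuleGroupResponse": {"RuleGroupName": "example-drop-ssh", "Type": "STATELESS"},
     "RuleGroup": {"RulesSource": {"StatelessRulesAndCustomActions": {
         "StatelessRules": [{"Priority": 10, "RuleDefinition": {
             "MatchAttributes": {"Protocols": [6], "DestinationPorts": [
                 {"FromPort": 22, "ToPort": 22}]},
             "Actions": ["aws:drop"]}}]}}}},
    {"RuleGroupResponse": {"RuleGroupName": "example-stateful", "Type": "STATEFUL"},
     "RuleGroup": {"RulesSource": {"RulesString": "pass ip any any -> any any (sid:1;)"}}},
]

if __name__ == "__main__":
    for name in find_empty_stateless_groups(SAMPLE_RESPONSES):
        print(f"FAILED: stateless rule group {name} has no rules")
```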

Remediation

For guidance on adding rules to the rule group, refer to the Updating a stateful rule group section of the AWS Network Firewall Developer Guide.