Network Firewall stateless rule groups should not be empty

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

This control verifies whether an AWS Network Firewall stateless rule group includes at least one rule.

A rule group contains rules that define how the firewall handles traffic within your VPC. While an empty stateless rule group in a firewall policy might seem like it would process traffic, it has no effect without any defined rules.

Remediation

For guidance on configuring firewall logging, refer to the Updating a stateful rule group section of the AWS Network Firewall Developer Guide.