Description

This control verifies whether an AWS Network Firewall stateless rule group includes at least one rule.

A rule group contains rules that define how the firewall handles traffic within your VPC. While an empty stateless rule group in a firewall policy might seem like it would process traffic, it has no effect without any defined rules.

Remediation

For guidance on configuring firewall logging, refer to the Updating a stateful rule group section of the AWS Network Firewall Developer Guide.