AWS Config
Developer Guide

fms-webacl-resource-policy-check

Checks whether the web ACL is associated with an Application Load Balancer or Amazon CloudFront distributions. When AWS Firewall Manager creates this rule, the FMS policy owner specifies the WebACLId in the FMS policy and can optionally enable remediation.

Identifier: FMS_WEBACL_RESOURCE_POLICY_CHECK

Trigger type: Configuration changes

Parameters:

webACLId

The WebACLId of the web ACL.

resourceTags

The resource tags (Application Load Balancer and Amazon CloudFront distributions) that the rule should be associated with (for example, { "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] }).

excludeResourceTags

If true, exclude the resources that match the resourceTags.

fmsManagedToken

A token generated by AWS Firewall Manager when creating the rule in your account. AWS Config ignores this parameter when you create this rule.

fmsRemediationEnabled

If true, AWS Firewall Manager will update non-compliant resources according to FMS policy. AWS Config ignores this parameter when you create this rule.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.
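A minimal template for this rule, added here as an illustration; it is not an AWS-published template. The parameter names WebAclId, ResourceTags and ExcludeResourceTags, the logical ID, and passing resourceTags as a JSON-encoded string are assumptions; the identifier and input parameter names come from this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: deploys the FMS_WEBACL_RESOURCE_POLICY_CHECK managed rule.

Parameters:
  WebAclId:                     # hypothetical parameter name
    Type: String
    MinLength: 1
    Description: WebACLId of the web ACL to check for.
  ResourceTags:                 # hypothetical parameter name
    Type: String
    # Sample value taken from the resourceTags description on this page.
    Default: '{ "tagKey1" : ["tagValue1"], "tagKey2" : ["tagValue2", "tagValue3"] }'
    Description: JSON map of tag keys to tag values (assumed to be passed as a string).
  ExcludeResourceTags:          # hypothetical parameter name
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"
    Description: If true, exclude the resources that match ResourceTags.

Resources:
  FmsWebAclResourcePolicyCheck:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: fms-webacl-resource-policy-check
      Description: >-
        Checks whether the web ACL is associated with Application Load
        Balancers and Amazon CloudFront distributions.
      Scope:
        # The two resource types this page names for the rule.
        ComplianceResourceTypes:
          - AWS::ElasticLoadBalancingV2::LoadBalancer
          - AWS::CloudFront::Distribution
      Source:
        Owner: AWS
        SourceIdentifier: FMS_WEBACL_RESOURCE_POLICY_CHECK
      InputParameters:
        webACLId: !Ref WebAclId
        resourceTags: !Ref ResourceTags
        excludeResourceTags: !Ref ExcludeResourceTags
        # fmsManagedToken and fmsRemediationEnabled are left out: they are
        # set by AWS Firewall Manager, and AWS Config ignores them when you
        # create the rule yourself.

Outputs:
  RuleName:
    Value: !Ref FmsWebAclResourcePolicyCheck
```

AWS Config must already be recording in the account and Region where the stack is deployed, otherwise the rule resource fails to create.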
