A WAF that allows Log4j2 message lookups through is detected: the WebACL has no rule referencing a managed rule group that blocks such requests. Make sure the WAF disallows message lookups in Log4j2, for example by adding a rule that references the AWS managed rule group AWSManagedRulesKnownBadInputsRuleSet and leaves its actions in force (OverrideAction set to None rather than Count).
Noncompliant example:

Resources:
  Resource:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ${self:custom.environment.WAF_NAME}
      Description: Selfie2Anime Rate Limits
      DefaultAction:
        Allow: { }
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: rate-limits
      Scope: "REGIONAL"
      Rules:
        - Name: rate-limiter
          Priority: 0
          Action:
            Block: { }
          Statement:
            # Noncompliant: `ManagedRuleGroupStatement` is not present.
            RateBasedStatement:
              Limit: 100
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rate-limiter
Compliant example:

Resources:
  Resource:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ${self:custom.environment.WAF_NAME}
      Description: Selfie2Anime Rate Limits
      DefaultAction:
        Allow: { }
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: rate-limits
      Scope: "REGIONAL"
      Rules:
        - Name: rate-limiter
          Priority: 0
          Action:
            Block: { }
          Statement:
            RateBasedStatement:
              Limit: 100
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rate-limiter
        # Compliant: `ManagedRuleGroupStatement` is present.
        # A WebACL rule holds exactly one statement type, and a rule that references
        # a managed rule group uses OverrideAction instead of Action, so the managed
        # group goes in its own rule. The rule name below is a placeholder.
        - Name: known-bad-inputs
          Priority: 1
          OverrideAction:
            None: { }
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesKnownBadInputsRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: known-bad-inputs
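The following checker is an added example, not code from the rule page or from AWS. It implements the check the page describes: walk every rule of an AWS::WAFv2::WebACL (including statements nested in And/Or/Not and rate-based scope-down statements), look for a ManagedRuleGroupStatement that references AWSManagedRulesKnownBadInputsRuleSet, and accept it only when the rule's OverrideAction is None. It goes one step beyond the page by also flagging the common misconfiguration where the group is attached but overridden to Count, which logs matches without blocking them. The three templates are constructed in-line from the page's two examples; the function names, the rule name "known-bad-inputs" and the assumption that the template has already been loaded into a dict (by any YAML or JSON loader) are mine.

```python
"""Check CloudFormation AWS::WAFv2::WebACL resources for a managed rule group
that blocks Log4j2 message lookups. Added example, not the rule page's own code."""

# Managed rule group the page's compliant example relies on.
LOG4J_RULE_GROUP = ("AWS", "AWSManagedRulesKnownBadInputsRuleSet")

# Statement types that can wrap other statements.
_NESTING = ("AndStatement", "OrStatement", "NotStatement", "RateBasedStatement")


def iter_statements(statement):
    """Yield `statement` and every statement nested inside it."""
    if not isinstance(statement, dict):
        return
    yield statement
    for key in _NESTING:
        inner = statement.get(key)
        if not isinstance(inner, dict):
            continue
        # And/Or hold a list under "Statements"; Not holds "Statement";
        # RateBasedStatement may hold a "ScopeDownStatement".
        for child in inner.get("Statements", []):
            yield from iter_statements(child)
        for sub_key in ("Statement", "ScopeDownStatement"):
            if sub_key in inner:
                yield from iter_statements(inner[sub_key])


def find_log4j_rules(web_acl_properties):
    """Return names of rules that reference the known-bad-inputs group AND keep
    its actions in force (OverrideAction: None). A Count override is not enough."""
    found = []
    for rule in web_acl_properties.get("Rules", []):
        for stmt in iter_statements(rule.get("Statement")):
            mrg = stmt.get("ManagedRuleGroupStatement")
            if not isinstance(mrg, dict):
                continue
            if (mrg.get("VendorName"), mrg.get("Name")) != LOG4J_RULE_GROUP:
                continue
            if "None" in rule.get("OverrideAction", {}):
                found.append(rule["Name"])
    return found


def check_template(template):
    """Map each WebACL logical id to its compliant rule names; [] means noncompliant."""
    results = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::WAFv2::WebACL":
            results[logical_id] = find_log4j_rules(res.get("Properties", {}))
    return results


# --- Constructed sample templates, shaped after the page's two examples ---------

def make_template(rules):
    """Wrap `rules` in a minimal WebACL resource (constructed sample, not from AWS)."""
    return {"Resources": {"Resource": {
        "Type": "AWS::WAFv2::WebACL",
        "Properties": {"Name": "selfie2anime-waf", "Scope": "REGIONAL",
                       "DefaultAction": {"Allow": {}}, "Rules": rules}}}}


RATE_RULE = {"Name": "rate-limiter", "Priority": 0, "Action": {"Block": {}},
             "Statement": {"RateBasedStatement": {"Limit": 100, "AggregateKeyType": "IP"}}}

# Hypothetical rule name; the group name is the one the page uses.
KNOWN_BAD_RULE = {"Name": "known-bad-inputs", "Priority": 1, "OverrideAction": {"None": {}},
                  "Statement": {"ManagedRuleGroupStatement": {
                      "VendorName": "AWS", "Name": "AWSManagedRulesKnownBadInputsRuleSet"}}}

# Same group but overridden to Count: it reports matches and blocks nothing.
COUNTED_RULE = dict(KNOWN_BAD_RULE, Name="known-bad-inputs-count", OverrideAction={"Count": {}})

NONCOMPLIANT = make_template([RATE_RULE])                # page's first example
COMPLIANT = make_template([RATE_RULE, KNOWN_BAD_RULE])   # page's second example
COUNT_ONLY = make_template([RATE_RULE, COUNTED_RULE])    # added failure mode

if __name__ == "__main__":
    for label, tpl in (("noncompliant", NONCOMPLIANT), ("compliant", COMPLIANT),
                       ("count-only", COUNT_ONLY)):
        print(label, check_template(tpl))
```

Run it as a script to see one line per template; in a CI pipeline the loaded template dict would be passed to `check_template` and an empty list for any WebACL would fail the build.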