PMI-DEEP-Infra / terraform-provider-wafrule

AWS Firewall Manager WAF rule provider for Terraform
Mozilla Public License 2.0

error WAFNonexistentItemException: AWS WAF couldn’t perform the operation because your resource doesn’t exist. #2

Closed KangCyduk closed 1 year ago

KangCyduk commented 1 year ago

I always get this error in the plan phase when running Terraform right now. The last time I ran Terraform was in February 2022, and there were no errors like this.

I noticed that there was an update in September 2022. Do I need to make any adjustments to my code in waf.tf?

provider "wafrule" {
  region = "eu-west-1"
}

resource "wafrule_acl_rule" "waf" {
  waf_acl_name = var.web_acl_name
  waf_acl_id   = var.web_acl_id

  rule {
    name     = "allow-trusted-origin"
    priority = 0
    action {
      allow {}
    }
    statement {
      or_statement {
        statement {
          byte_match_statement {
            search_string = var.acm_gratitude_domain_name
            field_to_match {
              single_header {
                name = "origin"
              }
            }
            positional_constraint = "CONTAINS"
            text_transformation {
              priority = 0
              type     = "NONE"
            }
          }
        }

        statement {
          byte_match_statement {
            search_string = var.acm_culture_domain_name
            field_to_match {
              single_header {
                name = "origin"
              }
            }
            positional_constraint = "CONTAINS"
            text_transformation {
              priority = 0
              type     = "NONE"
            }
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AllowTrustedOriginRule"
      sampled_requests_enabled   = true
    }
  }
}

neshcheretal commented 1 year ago

Hello @KangCyduk

I have re-checked the provider and created a rule using version 1.0.1, then updated the provider version to 1.1.0 and finally to the latest, 1.2.2, and I have not spotted this exact issue. Personally, I met this issue in two cases: when the resource definition was deleted from the code together with the provider definition, and another case in a similar situation where, after a long time, the run started failing with the error. After some checking I found that the WAF ACL id and name in the Terraform state and those present in the account were different. I am not sure what the reason for this change was, but the easiest way to solve it for me was just to remove the wafrule_acl_rule object from the tf state and then re-run Terraform.
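The state-vs-account mismatch described in the comment above can be checked before running a plan. The script below is an added example, not part of this provider or of the issue thread: it reads `terraform show -json` and `aws wafv2 list-web-acls` output (their shapes are assumed from those tools; the embedded JSON is constructed sample data, not captured from an account) and prints the `terraform state rm` command for every wafrule_acl_rule whose recorded ACL name/id pair no longer exists.

```python
import json

# Constructed `terraform show -json` excerpt (sample data, not from a real account):
# the state still records the ACL id the rule was originally created against.
STATE_JSON = json.dumps({"values": {"root_module": {"resources": [
    {"address": "wafrule_acl_rule.waf", "type": "wafrule_acl_rule",
     "values": {"waf_acl_name": "prod-web-acl",
                "waf_acl_id": "11111111-1111-1111-1111-111111111111"}},
    {"address": "wafrule_acl_rule.api", "type": "wafrule_acl_rule",
     "values": {"waf_acl_name": "api-web-acl",
                "waf_acl_id": "33333333-3333-3333-3333-333333333333"}},
]}}})

# Constructed `aws wafv2 list-web-acls --scope REGIONAL` excerpt: prod-web-acl was
# re-created out of band, so it now carries a different id than the state records.
ACCOUNT_JSON = json.dumps({"WebACLs": [
    {"Name": "prod-web-acl", "Id": "22222222-2222-2222-2222-222222222222"},
    {"Name": "api-web-acl", "Id": "33333333-3333-3333-3333-333333333333"},
]})


def state_acl_rules(state_json):
    """Return (address, waf_acl_name, waf_acl_id) for each wafrule_acl_rule in the root module."""
    root = json.loads(state_json).get("values", {}).get("root_module", {})
    return [(r["address"], r["values"]["waf_acl_name"], r["values"]["waf_acl_id"])
            for r in root.get("resources", []) if r.get("type") == "wafrule_acl_rule"]


def account_acls(list_json):
    """Return the set of (Name, Id) pairs the account currently reports."""
    return {(acl["Name"], acl["Id"]) for acl in json.loads(list_json)["WebACLs"]}


def stale_rules(state_json, list_json):
    """Addresses whose recorded name/id pair no longer matches a live Web ACL;
    these are the resources that trigger WAFNonexistentItemException at plan time."""
    live = account_acls(list_json)
    return [addr for addr, name, acl_id in state_acl_rules(state_json)
            if (name, acl_id) not in live]


def state_rm_commands(state_json, list_json):
    """One `terraform state rm` per stale resource, i.e. the workaround from the comment above."""
    return [f"terraform state rm {addr}" for addr in stale_rules(state_json, list_json)]


if __name__ == "__main__":
    commands = state_rm_commands(STATE_JSON, ACCOUNT_JSON)
    print("\n".join(commands) if commands else "state matches account")
```

Run `terraform show -json > state.json` and `aws wafv2 list-web-acls --scope REGIONAL > acls.json` in the workspace and feed those files in place of the constructed constants; a `terraform plan` should follow the `state rm` so the resource is re-created against the current ACL.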

neshcheretal commented 1 year ago

@KangCyduk, the issue is fixed in version 1.2.3: when a new ACL is provisioned, the old resource will be deleted from the state instead of just throwing the error.