AWS::WAFv2::RuleGroup RateBasedStatement missing propery CustomKeys - Githubissues

aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap

https://aws.amazon.com/cloudformation/

Creative Commons Attribution Share Alike 4.0 International

1.11k stars 56 forks source link

AWS::WAFv2::RuleGroup RateBasedStatement missing propery CustomKeys #1695

Closed zBart closed 1 year ago

zBart commented 1 year ago

Name of the resource

AWS::WAFv2::WebACL

Resource name

No response

Description

AWS WAF added the option to specify custom keys for rate limiting (blog: https://aws.amazon.com/about-aws/whats-new/2023/05/aws-waf-rate-based-rules-request-headers-composite-keys/).

The new CUSTOM_KEYS option was added as a valid value for the AggregateKeyType (and it even mentions you have to set the CustomKeys property): https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratebasedstatement.html

However, setting the CustomKeys property fails:

Resource handler returned message: "Model validation failed (#: extraneous key [CustomKeys] is not permitted)" (RequestToken: xxxx, HandlerErrorCode: InvalidRequest)

The API documentation for WAF does list the option: https://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedStatement.html

Adding support for this would require some additional types: https://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedStatementCustomKey.html

Other Details

No response

vigneshnin commented 1 year ago

I'm also facing the same issue. Seems like this works via the API but the cloudformation validation is not updated to accept the CustomKeys property

I guess I'll have to stick to manually updating it for the time being instead of using cloudformation

peerrabe commented 1 year ago

another option could be use UpdateWebACL https://awscli.amazonaws.com/v2/documentation/api/latest/reference/waf/update-web-acl.html

dazasa commented 1 year ago

How is the situation?

nikita-sokolsky-amazon commented 1 year ago

Good afternoon,

I am happy to confirm that CustomKeys support should now be available in Cloudformation. Please let me know if you are still experiencing issues.

xavi-bean commented 1 year ago

Hello, thanks for releasing this for Cloudformation. I wonder when this will be available for CDK? Should I raise any issue somewhere to move it to CDK, or it will be automatically moved as this is now available in Cfn? Thanks!

nikita-sokolsky-amazon commented 1 year ago

@xavi-bean It will appear automatically once the latest Cloudformation specification is updated. I've inquired as to the timelines of when this would happen next and will post an update as soon as I have the date.

nikita-sokolsky-amazon commented 1 year ago

@xavi-bean we are tracking this issue internally, unfortunately I cannot provide an exact ETA yet. I am monitoring this and will provide an update as soon as I can.