aws-samples / amazon-cognito-passwordless-auth

Passwordless authentication with Amazon Cognito: FIDO2 (WebAuthn, support for Passkeys), Magic Link, SMS OTP Step Up
Apache License 2.0
382 stars 70 forks

Fails when setting addWaf to false #107

Closed RobHarveyDev closed 1 year ago

RobHarveyDev commented 1 year ago

When you set the addWaf prop to false, it still tries to add the WafAssociation to the API Gateway despite it being undefined. It is failing with the error TypeError: Cannot read properties of undefined (reading 'attrArn')

The problem seems to be here:

if (props.fido2.api?.addWaf !== false) {
  this.fido2ApiWebACL = new cdk.aws_wafv2.CfnWebACL(
    scope,
    `Fido2ApiWebACL${id}`,
    {
      defaultAction: {
        allow: {},
      },
      scope: "REGIONAL",
      visibilityConfig: {
        cloudWatchMetricsEnabled: true,
        metricName: `Fido2ApiWebACL${id}`,
        sampledRequestsEnabled: true,
      },
      rules: [
        {
          name: "RateLimitPerIP",
          priority: 1,
          action: {
            block: {},
          },
          visibilityConfig: {
            sampledRequestsEnabled: true,
            cloudWatchMetricsEnabled: true,
            metricName: "RateLimitPerIP",
          },
          statement: {
            rateBasedStatement: {
              limit: props.fido2.api?.wafRateLimitPerIp ?? 100, // max 100 requests per 5 minutes per IP address
              aggregateKeyType: "FORWARDED_IP",
              forwardedIpConfig: {
                headerName: "X-Forwarded-For",
                fallbackBehavior: "MATCH",
              },
            },
          },
        },
      ],
    }
  );
}
// Runs even when addWaf is false: this.fido2ApiWebACL is then undefined and
// the non-null assertion on it throws "Cannot read properties of undefined (reading 'attrArn')".
new cdk.aws_wafv2.CfnWebACLAssociation(scope, `WafAssociation${id}`, {
  resourceArn: this.fido2Api.deploymentStage.stageArn,
  webAclArn: this.fido2ApiWebACL!.attrArn,
});

where the CfnWebACLAssociation should be inside the IF statement.
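The control flow the report asks for, as an added example that is not the project's code: the WebACL and its association are created under the same guard, so `addWaf: false` produces neither and no non-null assertion is needed. A hypothetical `WafFactory` interface stands in for the CDK constructors so the logic runs without a CDK app; a real stack would call `cdk.aws_wafv2.CfnWebACL` and `CfnWebACLAssociation` in its place.

```typescript
// Props mirrored from the issue: addWaf is opt-out (undefined means "add WAF").
interface Fido2ApiWafProps {
  addWaf?: boolean;
  wafRateLimitPerIp?: number;
}

interface WebAclSpec { metricName: string; rateLimitPerIp: number; }
interface AssociationSpec { resourceArn: string; webAclArn: string; }

// Hypothetical factory (assumption for this example) replacing the CDK constructors.
interface WafFactory {
  webAcl(id: string, spec: WebAclSpec): { attrArn: string };
  association(id: string, spec: AssociationSpec): void;
}

interface WafResult { webAclArn?: string; associated: boolean; }

function attachFido2ApiWaf(
  id: string,
  stageArn: string,
  props: Fido2ApiWafProps | undefined,
  factory: WafFactory,
): WafResult {
  // Opted out: create neither the WebACL nor the association.
  if (props?.addWaf === false) {
    return { associated: false };
  }
  const acl = factory.webAcl(`Fido2ApiWebACL${id}`, {
    metricName: `Fido2ApiWebACL${id}`,
    rateLimitPerIp: props?.wafRateLimitPerIp ?? 100, // default: 100 requests per 5 minutes per IP
  });
  // The association is only reachable once the ACL exists, so its ARN is never undefined.
  factory.association(`WafAssociation${id}`, {
    resourceArn: stageArn,
    webAclArn: acl.attrArn,
  });
  return { webAclArn: acl.attrArn, associated: true };
}

// Recording fake factory (constructed for this example) to exercise the guard offline.
function makeRecordingFactory() {
  const created: string[] = [];
  const specs: { acl?: WebAclSpec; assoc?: AssociationSpec } = {};
  const factory: WafFactory = {
    webAcl(id, spec) { created.push(id); specs.acl = spec; return { attrArn: `arn:example:webacl/${id}` }; },
    association(id, spec) { created.push(id); specs.assoc = spec; },
  };
  return { factory, created, specs };
}
```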