aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Version 2.3.1 #114

Closed EmViKay closed 1 year ago

EmViKay commented 4 years ago

I have deployed version 2.3.0 and I am going to update to version 2.3.1. I have an error:

2020-01-03 14:38:03 UTC+0200 CheckRequirements UPDATE_FAILED Modifying service token is not allowed.
2020-01-03 14:38:04 UTC+0200 AWSWAFSecurityAutomations UPDATE_ROLLBACK_IN_PROGRESS The following resource(s) failed to update: [CheckRequirements].

Can someone help me?

casper5822 commented 4 years ago

Same error for me.

krymen commented 4 years ago

Same here.

EmViKay commented 4 years ago

Any updates?

curtismorte commented 4 years ago

If you follow the events for the CloudFormation Stack, you will see what service is being worked on / created and then you can use additional tools to debug further from there.

For example, the event "Logical ID" you're looking at is: CheckRequirements

The events leading up to your error (listed below by Logical ID) should be:

  1. [NAME-OF-STACK]
  2. LambdaRoleHelper
  3. LambdaRoleHelper
  4. LambdaRoleHelper
  5. Helper
  6. Helper
  7. Helper
  8. CheckRequirements
  9. CheckRequirements

If you launch the stack successfully you should see 3 events that have a Logical ID of "CheckRequirements" with the third event's status being "CREATE_COMPLETE".

Since you're likely failing at the first or second event with Logical ID "CheckRequirements", that's where you should begin your inspection.

If you have CloudTrail enabled, I recommend starting there and looking at events generated by your user / role which is responsible for creating the stack. This will give you some more details / logs which you can inspect to find the source of the issue.

If you don't have CloudTrail enabled: enable CloudTrail, re-create the stack (knowing it will fail), and then inspect the events for CloudTrail.
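
Added example, not part of the comment above or of the project's code: one way to pull the originating failure out of a stack's event list, scoped to the most recent create/update and skipping cascaded "cancelled" entries. The event dictionaries use the field names returned by `aws cloudformation describe-stack-events`; the sample events are constructed around the two log lines in this issue, and the resource types and `ExampleOtherResource` are assumptions.

```python
from datetime import datetime

STACK_TYPE = "AWS::CloudFormation::Stack"

def ev(ts, logical_id, rtype, status, reason=""):
    """Build one event in the shape of a describe-stack-events entry."""
    return {"Timestamp": ts, "LogicalResourceId": logical_id, "ResourceType": rtype,
            "ResourceStatus": status, "ResourceStatusReason": reason}

# Constructed sample, newest first (the order the API returns).
# 14:38:03 UTC+0200 in the issue is 12:38:03 UTC here.
SAMPLE_EVENTS = [
    ev("2020-01-03T12:38:04+00:00", "AWSWAFSecurityAutomations", STACK_TYPE,
       "UPDATE_ROLLBACK_IN_PROGRESS",
       "The following resource(s) failed to update: [CheckRequirements]."),
    ev("2020-01-03T12:38:03+00:00", "ExampleOtherResource", "AWS::Lambda::Function",
       "UPDATE_FAILED", "Resource update cancelled"),  # cascaded, not the cause
    ev("2020-01-03T12:38:03+00:00", "CheckRequirements", "Custom::CheckRequirements",
       "UPDATE_FAILED", "Modifying service token is not allowed."),
    ev("2020-01-03T12:37:50+00:00", "AWSWAFSecurityAutomations", STACK_TYPE,
       "UPDATE_IN_PROGRESS", "User Initiated"),
    # An older, unrelated attempt that must not be reported again.
    ev("2019-12-01T09:00:05+00:00", "Helper", "AWS::Lambda::Function",
       "UPDATE_FAILED", "constructed: failure from an earlier attempt"),
    ev("2019-12-01T09:00:00+00:00", "AWSWAFSecurityAutomations", STACK_TYPE,
       "UPDATE_IN_PROGRESS", "User Initiated"),
]

def root_failures(events, stack_name):
    """Return the resource-level *_FAILED events of the latest stack operation."""
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["Timestamp"]))
    # Stack-level events carry the stack name as their Logical ID; the last
    # CREATE/UPDATE_IN_PROGRESS one marks where the latest operation began.
    starts = [i for i, e in enumerate(ordered)
              if e["LogicalResourceId"] == stack_name
              and e["ResourceType"] == STACK_TYPE
              and e["ResourceStatus"] in ("CREATE_IN_PROGRESS", "UPDATE_IN_PROGRESS")]
    latest = ordered[starts[-1]:] if starts else ordered
    return [e for e in latest
            if e["ResourceStatus"].endswith("_FAILED")
            and e["LogicalResourceId"] != stack_name
            and "cancelled" not in e["ResourceStatusReason"].lower()]

if __name__ == "__main__":
    for e in root_failures(SAMPLE_EVENTS, "AWSWAFSecurityAutomations"):
        print(e["Timestamp"], e["LogicalResourceId"], e["ResourceStatus"],
              e["ResourceStatusReason"])
```

The timestamp of the event it returns is the point to search around in CloudTrail for the calls made by the user or role that ran the update.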

ariel-chwat commented 4 years ago

I also failed to update an existing stack to the new version. Did anyone manage to resolve it?

curtismorte commented 4 years ago

@ariel-chwat If you're updating an existing stack, using the same S3 bucket parameter, then you will run into a problem with the event that was already created for the bucket. The name of that event is "Call Log Parser" and both the Name and Filter attributes are what cause the problem.

I deleted the event (taking a quick screenshot of the settings to add in case of another problem), and then launched the new stack.

aijunpeng commented 1 year ago

We have deprecated WAF classic version <=2.3.3. Closing this old issue.