Closed Slarker0k closed 1 year ago
Hi @Slarker0k Can you please show your modifications that fail? Thanks
Sure: When I have this:
```yaml
WAFWebACL:
  Type: 'AWS::WAF::WebACL'
  Properties:
    Name: !Ref 'ParentStackName'
    DefaultAction:
      Type: ALLOW
    MetricName: !Join ['', [!Join ['', !Split ['-', !Ref ParentStackName]], 'MaliciousRequesters']]
    Rules:
      - Action:
          Type: ALLOW
        Priority: 10
        RuleId: !Ref WAFWhitelistRule
```
And I add my own rule:
```yaml
WAFWebACL:
  Type: 'AWS::WAF::WebACL'
  Properties:
    Name: !Ref 'ParentStackName'
    DefaultAction:
      Type: ALLOW
    MetricName: !Join ['', [!Join ['', !Split ['-', !Ref ParentStackName]], 'MaliciousRequesters']]
    Rules:
      - Action:
          Type: ALLOW
        Priority: 10
        RuleId: !Ref WAFWhitelistRule
      - Action:
          Type: BLOCK
        Priority: 100
        RuleId: !Ref MyAwesomeRule
```
It gives me an error:
Operation is invalid for this entity.
Also, to be completely clear, I can add this rule using the CLI.
Hi @Slarker0k
The reason you cannot add it through the CloudFormation template is that version 2.3 of this solution only defines the WebACL reference in the CloudFormation template, and all rules are added through custom Lambda calls (Python scripts) and the WAF Classic API.
The reason yours works through the CLI is that you are talking directly to the API.
I would suggest waiting for the WAF API v2 compatible version (v3.0 of this solution), which DOES have the entire WebACL defined in CloudFormation and will provide you that flexibility. Please keep an eye on the repository for the v3.0 update of the solution.
Thanks
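The API route described in the reply above, as an added example (not the solution's own Lambda code and not part of the original thread): inserting a rule into an existing WAF Classic WebACL with boto3's `get_web_acl`, `get_change_token` and `update_web_acl`. The function names and the choice to pass the client in as a parameter are assumptions of this example; a rule added this way lives outside the CloudFormation template, so the stack does not track it.

```python
"""Insert a rule into a WAF Classic WebACL through the API (added example)."""


def build_insert(rule_id, priority, action="BLOCK"):
    """Build one WebACLUpdate entry in the shape update_web_acl expects."""
    if action not in ("ALLOW", "BLOCK", "COUNT"):
        raise ValueError(f"unsupported action: {action}")
    return {
        "Action": "INSERT",
        "ActivatedRule": {
            "Priority": priority,
            "RuleId": rule_id,
            "Action": {"Type": action},
        },
    }


def add_rule(waf, web_acl_id, rule_id, priority, action="BLOCK"):
    """Attach a rule to an existing WebACL.

    `waf` is a WAF Classic client: boto3.client("waf") for CloudFront,
    boto3.client("waf-regional") for regional resources.
    Returns the change token of the update, or None when the rule is
    already attached (so a repeated run does not issue a second INSERT).
    """
    current = waf.get_web_acl(WebACLId=web_acl_id)["WebACL"]["Rules"]

    if any(r["RuleId"] == rule_id for r in current):
        return None

    # WAF Classic requires each rule in a WebACL to have a unique priority.
    if priority in {r["Priority"] for r in current}:
        raise ValueError(f"priority {priority} is already used in {web_acl_id}")

    # Every WAF Classic write needs a fresh change token.
    token = waf.get_change_token()["ChangeToken"]
    resp = waf.update_web_acl(
        WebACLId=web_acl_id,
        ChangeToken=token,
        Updates=[build_insert(rule_id, priority, action)],
    )
    return resp["ChangeToken"]
```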
Closing this old issue due to inactivity.
When I try to add my rules to the CloudFront template it just throws "Update Failed - Operation is invalid for this entity." I know that I have 3-4 rules to spare and my cfn template modifications are correct.