aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Cannot add the List of IP Addresses to WAFWhitelistSetV4 #141

Closed r8or0pz closed 3 years ago

r8or0pz commented 4 years ago

Describe the bug

After adding the list of IP addresses to aws-waf-security-automations-webacl.template:Resources.WAFWhitelistSetV4.Addresses, I got:

Embedded stack arn:aws:cloudformation:us-west-1:*:stack/WAF-XX-DEV-WebACLStack-XXX/7f8ad140-c834-11ea-a83c-066e55aa410d was not successfully created: The following resource(s) failed to create: [TimerBlackV4, WAFWhitelistSetV4].

To Reproduce

Add the list of addresses like:

  Addresses
       - '192.168.1.1/32'
       - '192.168.1.2/32'

Expected behavior

The list of IP addresses is populated to ACL Rule.

Screenshots

https://imgur.com/znHhF5v

Additional context

How to add the list of IP addresses to WhiteListALcl?

aijunpeng commented 4 years ago

Thanks for the comment. Can you please clarify a few things?

  1. Which version of the waf solution are you using? The error message indicates v3.0, but it says v2.3.3 in the ticket.
  2. What are the exact steps you took to get the error? The error message seems to be a stack creation error; then how did you get to add an IP without the stack being deployed successfully first?

aijunpeng commented 4 years ago

  1. Provide error screenshots - The screenshots link in the ticket doesn't work and shows no match found.

r8or0pz commented 4 years ago

The issue relates to the SOLUTION_NAME variable value. If you set it to anything other than "aws-waf-security-automations", this issue appears.

aijunpeng commented 4 years ago

If you were building your own deployment assets by following the instructions in the README, you should be able to change the value for SOLUTION_NAME. Just make sure you change all references to SOLUTION_NAME in your commands, such as uploading assets to S3, etc. However, this is just my speculation since I don't have sufficient information to know what you were doing exactly. Please kindly provide all required details if you would like further help with this.

maykays commented 3 years ago

Closing this issue. Please re-open if the problem persists.