Closed obounaim closed 1 year ago
Thank you for reporting the issue. We have added it to our backlog and it will be addressed in future releases.
Can you please provide screenshots of the input parameters/values for both stacks? And what error messages are you getting? Thanks!
Please find below the input values:
ActivateAWSManagedRulesParam: no
ActivateBadBotProtectionParam: yes
ActivateCrossSiteScriptingProtectionParam: yes
ActivateHttpFloodProtectionParam: yes - Amazon Athena log parser
ActivateReputationListsProtectionParam: no
ActivateScannersProbesProtectionParam: yes - Amazon Athena log parser
ActivateSqlInjectionProtectionParam: yes
AppAccessLogBucket: waf-accesslog
EndpointType: ALB
ErrorThreshold: 200
KeepDataInOriginalS3Location: Yes
RequestThreshold: 200
WAFBlockPeriod: 240
The sub-stack FirehoseAthenaStack is failing due to some hard-coded values. For example the value "WAFAddPartitionAthenaQueryWorkGroup" is hard-coded into the resource name.
WAFAddPartitionAthenaQueryWorkGroup:
  Type: AWS::Athena::WorkGroup
  Condition: AthenaLogParser
  Properties:
    Name: WAFAddPartitionAthenaQueryWorkGroup
    Description: Athena WorkGroup for adding Athena partition queries used by AWS WAF Security Automations Solution
    State: ENABLED
    RecursiveDeleteOption: true
    WorkGroupConfiguration:
      PublishCloudWatchMetricsEnabled: true
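A pre-deployment check for the failure reported above, as an added example (not code from the aws-waf-security-automations project): it flags resources whose name property is a fixed literal, which is what makes a second stack in the same account and region collide. The template is constructed sample data in JSON form; the `ExampleStackScopedWorkGroup` resource and the "key ends in `Name`" heuristic are assumptions.

```python
import json

# Constructed sample template in CloudFormation JSON form. The first resource
# mirrors the snippet in the issue; the second is a hypothetical variant.
TEMPLATE = json.loads("""{
 "Resources": {
  "WAFAddPartitionAthenaQueryWorkGroup": {
   "Type": "AWS::Athena::WorkGroup",
   "Properties": {"Name": "WAFAddPartitionAthenaQueryWorkGroup", "State": "ENABLED"}},
  "ExampleStackScopedWorkGroup": {
   "Type": "AWS::Athena::WorkGroup",
   "Properties": {"Name": {"Fn::Join": ["-", [{"Ref": "AWS::StackName"}, "AddPartition"]]},
                  "State": "ENABLED"}}}}""")

STACK_UNIQUE = ("AWS::StackName", "AWS::StackId")

def varies_per_stack(value, parameters):
    """True if value references the stack name/id or a template parameter."""
    if isinstance(value, list):
        return any(varies_per_stack(v, parameters) for v in value)
    if isinstance(value, dict):
        for fn, arg in value.items():
            if fn == "Ref" and (arg in STACK_UNIQUE or arg in parameters):
                return True
            if fn == "Fn::Sub":
                text = arg if isinstance(arg, str) else arg[0]
                if any("${%s}" % n in text for n in (*STACK_UNIQUE, *parameters)):
                    return True
            if varies_per_stack(arg, parameters):
                return True
    return False  # plain literals (str, int, bool) are identical in every stack

def find_static_names(template):
    """List (logical id, type, property, value) for literal physical names."""
    params = set(template.get("Parameters", {}))
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        for key, value in res.get("Properties", {}).items():
            # Heuristic (assumption): physical-name properties end in "Name".
            if key.endswith("Name") and not varies_per_stack(value, params):
                findings.append((logical_id, res["Type"], key, value))
    return findings

if __name__ == "__main__":
    for logical_id, rtype, key, value in find_static_names(TEMPLATE):
        print(f"{logical_id} ({rtype}): {key}={value!r} is the same in every stack")
```

A name built from a template parameter passes this check but still collides if both stacks are launched with the same parameter value.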
Thanks for the information! We will address the issue in the next release.
While it seems the WAFAddPartitionAthenaQueryWorkGroup resource name has been changed to a custom name, the name for the other Athena query work group, WAFAppAccessLogAthenaQueryWorkGroup, has still not been customized.
Thanks for the comment. Though the names can be made dynamic, we have evaluated this request and decided not to support multiple deployments in the same region and account in the out-of-box solution at this time. Feel free to download the source code and apply your own customization as needed.
Seems to be related https://github.com/awslabs/aws-waf-security-automations/pull/218
Thanks for the comment. Though the names can be made dynamic, we have evaluated this request and decided not to support multiple deployments in the same region and account in the out-of-box solution at this time. Feel free to download the source code and apply your own customization as needed.
A strange response. You parameterised WAFAddPartitionAthenaQueryWorkGroup but not WAFAppAccessLogAthenaQueryWorkGroup, which is in the same file. Seems like an easy fix regardless if you want to support or not.
Will revisit this. Thanks!
This issue has been addressed in version >= 4.0.0.
Describe the bug: I am unable to deploy the template more than once in the same region and same account. After successfully creating the first stack, trying to create a second stack will get rolled back because of conflicting resources with the first stack.
To Reproduce: The issue can be easily reproduced following the steps below:
Expected behavior: It should be possible to use the template to deploy more than one WebACL in the same account and the same region.
Please complete the following information about the solution: