aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Merge existing Lambda Function Configurations when adding notifications to access logs S3 bucket #225

Closed m-davison closed 1 year ago

m-davison commented 1 year ago

Is your feature request related to a problem? Please describe. When using an existing S3 bucket for access logs, and it already contains Lambda function notifications, these are removed by the CustomResource and reset to an empty array before adding in the new ones for this solution.

Describe the feature you'd like Existing LambdaFunctionConfigurations configured outside this solution are not removed when configuring the access log S3 bucket notifications

Additional context Refer to custom_resource.py > add_s3_bucket_lambda_event() for where the existing config is lost, whereas for other configuration types (e.g. TopicConfigurations) it is preserved.

aijunpeng commented 1 year ago

Thanks for reporting the issue. This has been added to our backlog to be looked into for future releases.

aijunpeng commented 1 year ago

S3 event notifications only allow one suffix-like LambdaFunctionConfiguration for an overlapping prefix for the same event type. So it is by design to remove all existing LambdaFunctionConfigurations before adding the new ones used by the solution.
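The two comments above frame the trade-off: the reporter wants existing LambdaFunctionConfigurations preserved, and the maintainer points out that S3 rejects notification configurations whose prefix/suffix filters overlap for the same event type. The following is an added example, not code from aws-waf-security-automations or its custom_resource.py, showing how a merge could satisfy both: it keeps every pre-existing entry, appends only the solution's new Lambda configurations, and refuses any addition that would collide with an existing rule. It works on a plain dict in the shape boto3's get_bucket_notification_configuration returns; the function names, the `AWSLogs/` prefix, the function ARNs and the sample configuration are all constructed for the example.

```python
"""Added example (not the project's code): merge rather than replace
S3 LambdaFunctionConfigurations, rejecting S3-invalid overlaps."""
from copy import deepcopy

DESTINATION_KEYS = (
    "LambdaFunctionConfigurations",
    "TopicConfigurations",
    "QueueConfigurations",
)


def filter_rules(cfg):
    """Return (prefix, suffix) from a notification config's Filter block.

    Missing rules are treated as the empty string, which matches every key.
    """
    rules = cfg.get("Filter", {}).get("Key", {}).get("FilterRules", [])
    prefix = suffix = ""
    for rule in rules:
        name = rule.get("Name", "").lower()
        if name == "prefix":
            prefix = rule.get("Value", "")
        elif name == "suffix":
            suffix = rule.get("Value", "")
    return prefix, suffix


def events_overlap(e1, e2):
    """True if two S3 event names can fire for the same object event.

    Handles wildcard forms such as s3:ObjectCreated:* versus s3:ObjectCreated:Put.
    """
    if e1 == e2:
        return True
    for wild, specific in ((e1, e2), (e2, e1)):
        if wild.endswith(":*") and specific.startswith(wild[:-1]):
            return True
    return False


def configs_conflict(a, b):
    """Approximate S3's overlap rule: two configurations conflict when some
    object key could match both filters AND they share an event type.

    A key can match both filters exactly when one prefix extends the other
    and one suffix extends the other (the key prefix+suffix then matches both).
    """
    pa, sa = filter_rules(a)
    pb, sb = filter_rules(b)
    prefixes_overlap = pa.startswith(pb) or pb.startswith(pa)
    suffixes_overlap = sa.endswith(sb) or sb.endswith(sa)
    if not (prefixes_overlap and suffixes_overlap):
        return False
    return any(events_overlap(x, y)
               for x in a.get("Events", []) for y in b.get("Events", []))


def merge_lambda_configurations(existing_notification, new_lambda_configs):
    """Return a new notification config with new_lambda_configs appended.

    Existing entries of every destination type are preserved; an identical
    entry is not duplicated (so the custom resource stays idempotent); a
    conflicting entry raises ValueError instead of producing a config that
    S3 would reject. The input dict is not mutated.
    """
    merged = deepcopy(existing_notification)
    lambda_cfgs = merged.setdefault("LambdaFunctionConfigurations", [])
    for new_cfg in new_lambda_configs:
        if new_cfg in lambda_cfgs:
            continue
        # Check against every destination type, since the overlap rule
        # applies bucket-wide, not only among Lambda destinations.
        for key in DESTINATION_KEYS:
            for old_cfg in merged.get(key, []):
                if configs_conflict(old_cfg, new_cfg):
                    raise ValueError(
                        "new configuration overlaps existing %s entry %r"
                        % (key, old_cfg.get("Id", "<no Id>")))
        lambda_cfgs.append(new_cfg)
    return merged


def _s3_filter(prefix, suffix=None):
    rules = [{"Name": "prefix", "Value": prefix}]
    if suffix is not None:
        rules.append({"Name": "suffix", "Value": suffix})
    return {"Key": {"FilterRules": rules}}


# Constructed sample input (hypothetical ARNs and prefixes), in the shape
# boto3's get_bucket_notification_configuration returns.
EXISTING_NOTIFICATION = {
    "TopicConfigurations": [{
        "Id": "audit-topic",
        "TopicArn": "arn:aws:sns:us-east-1:111122223333:audit",
        "Events": ["s3:ObjectRemoved:*"],
    }],
    "LambdaFunctionConfigurations": [{
        "Id": "csv-ingest",
        "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:ingest",
        "Events": ["s3:ObjectCreated:*"],
        "Filter": _s3_filter("uploads/", ".csv"),
    }],
}
SOLUTION_LAMBDA_CONFIGS = [{
    "Id": "waf-log-parser",
    "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:waf-log-parser",
    "Events": ["s3:ObjectCreated:*"],
    "Filter": _s3_filter("AWSLogs/", ".gz"),
}]
# Would fire for uploads/*.csv too, so S3 would reject it alongside csv-ingest.
CONFLICTING_LAMBDA_CONFIG = {
    "Id": "catch-all",
    "LambdaFunctionArn": "arn:aws:lambda:us-east-1:111122223333:function:catch-all",
    "Events": ["s3:ObjectCreated:Put"],
    "Filter": _s3_filter("uploads/"),
}

if __name__ == "__main__":
    merged = merge_lambda_configurations(EXISTING_NOTIFICATION, SOLUTION_LAMBDA_CONFIGS)
    print([c["Id"] for c in merged["LambdaFunctionConfigurations"]])
```

The merged dict is what a custom resource would pass to put_bucket_notification_configuration; on stack deletion the same identity-based matching (remove entries whose Id or LambdaFunctionArn belongs to the solution) lets the resource take out only its own entries and leave the rest of the bucket's configuration untouched.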