aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Updating the stack removes configured IP set #233

Closed anwar-sadat85 closed 1 year ago

anwar-sadat85 commented 1 year ago

Describe the bug: When updating the stack from version 3.1.0 to 3.2.4, the IPs configured in the "WhitelistSetIPv4" IP set are all deleted.

To Reproduce

  1. Install stack version 3.1.0 in a newly created account
  2. Add a few IPs to the WhitelistSetIPv4 IP set
  3. Update the stack with version 3.2.4 (Leave IP retention at -1 for all the retention options, existing values for other params and default for the new parameters)
  4. After update is completed, view WhitelistSetIPv4 IP set. It is empty

Expected behavior: We expect the IP addresses in WhitelistSetIPv4 to be preserved when the stack is updated.

Please complete the following information about the solution:

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "AWS WAF Security Automations v3.1: This AWS CloudFormation template helps you provision the AWS WAF Security Automations stack without worrying about creating and configuring the underlying AWS infrastructure". If the description does not contain the version information, you can look at the mappings section of the template:

Mappings:
  SourceCode:
    General:
      TemplateBucket: 'solutions-reference'
      SourceBucket: 'solutions'
      KeyPrefix: 'waf-security-automation/v3.1'

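A pre-update snapshot and post-update restore of the IP set's addresses, as an added example that is not the solution's code and not the reporter's. It assumes an IP set named WhitelistSetIPv4 in REGIONAL scope (the ALB endpoint type reported above; CloudFront endpoints use CLOUDFRONT scope in us-east-1), a placeholder IP set Id, and swaps in a constructed in-memory stand-in for boto3.client("wafv2") so it runs offline; against a real account, pass the boto3 client instead.

```python
"""Snapshot a WAFv2 IP set before a CloudFormation stack update and re-add
any addresses the update dropped.

Added example, not part of the aws-waf-security-automations solution.  The
IP set name, scope and Id, and the FakeWafv2 client, are assumptions used for
illustration; in production pass boto3.client("wafv2", region_name=...).
"""

IP_SET_NAME = "WhitelistSetIPv4"   # allow-list IP set named in the issue
SCOPE = "REGIONAL"                 # EndpointType ALB -> REGIONAL scope
IP_SET_ID = "00000000-0000-0000-0000-000000000000"  # placeholder Id (assumption)


def snapshot_ip_set(wafv2, name, scope, ip_set_id):
    """Return the IP set's current addresses as a sorted, JSON-friendly list."""
    resp = wafv2.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    return sorted(resp["IPSet"]["Addresses"])


def missing_addresses(snapshot, current):
    """Addresses present in the snapshot but absent from the live set."""
    return sorted(set(snapshot) - set(current))


def restore_ip_set(wafv2, name, scope, ip_set_id, snapshot):
    """Re-add dropped addresses and return the list that was re-added.

    UpdateIPSet replaces the whole Addresses list, so the union of the live
    set and the snapshot is sent, together with the LockToken from the same
    GetIPSet read.  A stale token raises WAFOptimisticLockException; the
    caller should re-read and retry rather than reuse an old token.
    """
    resp = wafv2.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    current = resp["IPSet"]["Addresses"]
    dropped = missing_addresses(snapshot, current)
    if not dropped:
        return []
    merged = sorted(set(current) | set(snapshot))
    wafv2.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                        Addresses=merged, LockToken=resp["LockToken"])
    return dropped


class FakeWafv2:
    """Constructed stand-in for boto3.client('wafv2') so the flow runs offline.

    Mimics the GetIPSet/UpdateIPSet response shapes and the optimistic lock
    token; wipe() simulates the stack update emptying the set, as reported.
    """

    def __init__(self, addresses):
        self.addresses = list(addresses)
        self.lock_token = "tok-1"

    def get_ip_set(self, Name, Scope, Id):
        return {"IPSet": {"Name": Name, "Id": Id, "Addresses": list(self.addresses)},
                "LockToken": self.lock_token}

    def update_ip_set(self, Name, Scope, Id, Addresses, LockToken):
        if LockToken != self.lock_token:
            # boto3 raises client.exceptions.WAFOptimisticLockException here
            raise RuntimeError("WAFOptimisticLockException")
        self.addresses = list(Addresses)
        self.lock_token = "tok-%d" % (int(self.lock_token.split("-")[1]) + 1)
        return {"NextLockToken": self.lock_token}

    def wipe(self):
        """Simulate the stack update replacing the IP set with an empty one."""
        self.addresses = []
        self.lock_token = "tok-99"


def demo():
    """Run the snapshot -> update -> restore sequence on constructed data."""
    client = FakeWafv2(["203.0.113.0/24", "198.51.100.7/32"])  # constructed sample
    before = snapshot_ip_set(client, IP_SET_NAME, SCOPE, IP_SET_ID)
    client.wipe()                     # stand-in for the 3.1.0 -> 3.2.4 update
    restored = restore_ip_set(client, IP_SET_NAME, SCOPE, IP_SET_ID, before)
    return before, restored, client.addresses


if __name__ == "__main__":
    print(demo())
```

Take the snapshot immediately before `aws cloudformation update-stack` and run the restore after the stack reaches UPDATE_COMPLETE; if the IP set resource was replaced rather than updated, look up the new Id with ListIPSets before restoring.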

anwar-sadat85 commented 1 year ago

Params for 3.1.1

  ActivateAWSManagedRulesParam: no
  ActivateBadBotProtectionParam: yes
  ActivateCrossSiteScriptingProtectionParam: yes
  ActivateHttpFloodProtectionParam: yes - AWS WAF rate based rule
  ActivateReputationListsProtectionParam: yes
  ActivateScannersProbesProtectionParam: yes - AWS Lambda log parser
  ActivateSqlInjectionProtectionParam: yes
  AppAccessLogBucket:
  EndpointType: ALB
  ErrorThreshold: 50
  KeepDataInOriginalS3Location: No
  RequestThreshold: 100
  WAFBlockPeriod: 240

Params for 3.2.4 update

  ActivateAWSManagedRulesParam: Use existing value
  ActivateBadBotProtectionParam: Use existing value
  ActivateCrossSiteScriptingProtectionParam: Use existing value
  ActivateHttpFloodProtectionParam: Use existing value
  ActivateReputationListsProtectionParam: Use existing value
  ActivateScannersProbesProtectionParam: Use existing value
  ActivateSqlInjectionProtectionParam: Use existing value
  AppAccessLogBucket: Use existing value
  EndpointType: Use existing value
  ErrorThreshold: Use existing value
  IPRetentionPeriodAllowedParam: -1
  IPRetentionPeriodDeniedParam: -1
  KeepDataInOriginalS3Location: Use existing value
  RequestThreshold: Use existing value
  SNSEmailParam: -
  SqlInjectionProtectionSensitivityLevelParam: LOW
  WAFBlockPeriod: Use existing value

aijunpeng commented 1 year ago

Track this in an internal ticket. closing the issue.