Open chrisfleming-chq opened 8 months ago
Thanks for reporting the issue. This seems to be by design per the WAF service. Based on https://docs.aws.amazon.com/waf/latest/APIReference/API_SingleHeader.html, the name isn't case sensitive. This means WAF allows both upper and lower case, and it handles case conversion to lower case internally. Although using upper case in the WAF CloudFormation template creates an unintentional drift, it shouldn't affect functionality. We have added this to our backlog for future releases.
Describe the bug: Deploying the Security Automations for AWS WAF solution creates drift on the WebACL nested Stack - I believe due to how AWS processes Single Header names.
WAF treats these Single Headers as case insensitive and converts them to lowercase internally which is causing drift in that specific item.
https://docs.aws.amazon.com/waf/latest/APIReference/API_SingleHeader.html
To Reproduce: This can be reproduced by deploying the Security Automations for AWS WAF solution and associating the Web ACL.
Detect Drift on the nested WebACL Stack - WAFWebACL will show as MODIFIED.
Expected behavior: I expect WAFWebACL to reflect IN_SYNC and not MODIFIED.
To resolve the Drift to IN_SYNC - There are three (3) references to Single Headers; each of these needs to be changed to lowercase to match how they are processed internally by AWS.
Once the changes are made, run another drift check. This should confirm the once-drifted WAFWebACL is now IN_SYNC.
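The fix described in the report (lower-case every `SingleHeader` `Name` so the template matches what WAF stores) can be checked and applied mechanically. The script below is an added example, not code from the Security Automations for AWS WAF solution or from the reporter: it walks a CloudFormation template loaded as a dict (JSON here; a YAML template would need a YAML loader first), lists every `FieldToMatch` -> `SingleHeader` -> `Name` whose case differs from the lower-cased form WAF keeps, and returns a corrected copy. The sample template, its rule names and header names are constructed for illustration and are not the solution's own resources.

```python
"""Find and lower-case SingleHeader names in a CloudFormation WAFv2 template.

Added example (not the solution's code). AWS WAF stores SingleHeader.Name in
lower case, so a template that uses mixed case shows the WebACL resource as
MODIFIED on a CloudFormation drift check even though the rule works.
"""
import copy
import json


def _byte_match_rule(name, priority, header_name, search):
    """Build a minimal ByteMatchStatement rule that inspects one header (helper for the sample)."""
    return {
        "Name": name,
        "Priority": priority,
        "Action": {"Block": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True, "MetricName": name},
        "Statement": {"ByteMatchStatement": {
            "FieldToMatch": {"SingleHeader": {"Name": header_name}},
            "PositionalConstraint": "CONTAINS",
            "SearchString": search,
            "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
        }},
    }


# Constructed sample template: two mixed-case header names (would drift) and one
# already lower-case name (would not). Hypothetical names, not the solution's.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WAFWebACL": {
            "Type": "AWS::WAFv2::WebACL",
            "Properties": {
                "Name": "example-acl",
                "Scope": "REGIONAL",
                "DefaultAction": {"Allow": {}},
                "VisibilityConfig": {"SampledRequestsEnabled": True,
                                     "CloudWatchMetricsEnabled": True, "MetricName": "example-acl"},
                "Rules": [
                    _byte_match_rule("XffRule", 1, "X-Forwarded-For", "10.0.0."),
                    _byte_match_rule("HostRule", 2, "host", "evil.example"),
                    _byte_match_rule("UaRule", 3, "User-Agent", "sqlmap"),
                ],
            },
        }
    },
}


def iter_single_headers(node, path="$"):
    """Yield (json_path, single_header_dict) for every SingleHeader block in the template."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "SingleHeader" and isinstance(value, dict) and isinstance(value.get("Name"), str):
                yield child, value
            else:
                yield from iter_single_headers(value, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_single_headers(value, f"{path}[{index}]")


def find_drifting_headers(template):
    """Return [(path, name)] for header names WAF would store differently (i.e. not lower case)."""
    return [(path, hdr["Name"]) for path, hdr in iter_single_headers(template)
            if hdr["Name"] != hdr["Name"].lower()]


def normalize_single_headers(template):
    """Return (fixed_copy, changes); changes is [(path, old_name, new_name)] for each rewrite."""
    fixed = copy.deepcopy(template)
    changes = []
    for path, hdr in iter_single_headers(fixed):
        lowered = hdr["Name"].lower()
        if lowered != hdr["Name"]:
            changes.append((path, hdr["Name"], lowered))
            hdr["Name"] = lowered
    return fixed, changes


if __name__ == "__main__":
    # Usage: report what would drift, then emit the corrected template.
    for path, name in find_drifting_headers(SAMPLE_TEMPLATE):
        print(f"would drift: {path} Name={name!r} (WAF stores {name.lower()!r})")
    fixed_template, applied = normalize_single_headers(SAMPLE_TEMPLATE)
    print(f"{len(applied)} header name(s) lower-cased")
    print(json.dumps(fixed_template, indent=2))
```

After rewriting the names, redeploying the stack and re-running drift detection should bring the resource to IN_SYNC, as the report describes; the script only normalises the template and does not talk to CloudFormation or WAF.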