CloudFormation fails -ap-southeast-2

aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.

https://aws.amazon.com/solutions/aws-waf-security-automations

Apache License 2.0

857 stars 364 forks source link

CloudFormation fails -ap-southeast-2 #61

Closed ghost closed 5 years ago

ghost commented 6 years ago

Hi im trying to deploy this waf template into Asia Pacific (Sydney) i have an s3 bucket which im trying to reference also located in Sydney.

I notice getting an error each time trying to create the i keep getting this error i have tried a few combinations of different bucket names along with leaving the ALB Access Log Bucket Name blank

23:38:47 UTC+0800	CREATE_FAILED	AWS::Lambda::Function	LambdaWAFLogParserFunction	1 validation error detected: Value '%%BUCKETNAME%%-ap-southeast-2' at 'code.s3Bucket' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[0-9A-Za-z.-]*(?<!.)$ (Service: AWSLambda; Status Code: 400; Error Code: ValidationException; Request ID: 455c7f61-b834-11e8-8b0f-ed15de923720)

thomasphorton commented 6 years ago

Hello!

If you are trying to deploy the solution without making any modifications, I'd suggest following the documentation on the AWS Answers documentation for the AWS WAF Security Automations Solution.

If you're modifying any of the source code, the process is slightly more involved:

You need to run build-s3-dist.sh to replace the '%%BUCKET_NAME%%' strings within the template.
From there, you'll need to have the Lambdas built and deployed to a bucket named <bucket_name>-ap-southeast-2 in the proper structure- you can look at the CloudFormation templates for an idea of where each file should go.
Once that's done, you should be able to create a stack using your generated template.

Hope this helps!

hvital commented 5 years ago

We've just pushed a new version that we tested in the following regions:

ALB Version

US East (N. Virginia)
US East (Ohio)
US West (N. California)
US West (Oregon)
EU (Ireland)
EU (Frankfurt)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)

CloudFront Version

US East (N. Virginia)
US East (Ohio)
US West (N. California)
US West (Oregon)
EU (Ireland)
EU (Frankfurt)
Asia Pacific (Sydney)
Asia Pacific (Tokyo)
Asia Pacific (Mumbai)
Asia Pacific (Seoul)
Asia Pacific (Singapore)
Canada (Central)
EU (London)
EU (Paris)
EU (Stockholm)
South America (Sao Paulo)

It should work on ap-southeast-2.

Regards.