aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

log parser fails when blocked ip file doesn't exist #62

Closed dpmallinger closed 5 years ago

dpmallinger commented 5 years ago

When the S3 bucket does not have an aws-waf-security-automations-current-blocked-ips.json file, log-parser.py fails with:

[merge_current_blocked_requesters] Error merging data An error occurred (403) when calling the HeadObject operation: Forbidden

hvital commented 5 years ago

Hi,

We need to change this error message to just an info log. If the file does not exist, the solution should create a new one. Have you got a new file created?

gxof commented 5 years ago

Hello,

Just like @dpmallinger, I had the same error and no file was created. I had to manually create an empty file in S3. The error was then gone and the file contained valid JSON. But no IPs are blocked.

dpmallinger commented 5 years ago

Hello,

I had the same experience as @gxof. I had to create the file manually with { "block": {} } to get the code to run.

hvital commented 5 years ago

Got it. It's not the expected behavior. Will change this error message to log but also check why the file was not created accordingly.

hvital commented 5 years ago

We've just pushed a new version that fixes this. Added the following error handler for this case:

https://github.com/awslabs/aws-waf-security-automations/blob/c7b25b4f9005469f1606e8da19c9704268f0697a/source/log-parser/log-parser.py#L155

Many thanks
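
An added example, not the project's code at the linked commit: S3 answers HeadObject with 403 instead of 404 when the caller lacks s3:ListBucket on the bucket, so a missing state file is treated here as an empty { "block": {} } and created on the next write. FakeS3, FakeClientError, load_blocked, merge_and_store and the entry values are hypothetical; only the file name and the empty shape come from the thread.

```python
import io
import json
import logging

log = logging.getLogger("log-parser-example")
KEY = "aws-waf-security-automations-current-blocked-ips.json"  # name from the thread
MISSING = {"403", "404"}  # HeadObject codes that can both mean "object absent"


class FakeClientError(Exception):
    """Constructed stand-in for botocore's ClientError (carries .response)."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client, for offline runs."""
    def __init__(self, missing_code="403"):
        self.objects, self.missing_code = {}, missing_code
    def head_object(self, Bucket, Key):
        if (Bucket, Key) not in self.objects:
            raise FakeClientError(self.missing_code)
    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}
    def put_object(self, Bucket, Key, Body):
        self.objects[(Bucket, Key)] = Body


def load_blocked(s3, bucket, key=KEY):
    """Return the stored state, or an empty one when the object is absent."""
    try:
        s3.head_object(Bucket=bucket, Key=key)
    except Exception as exc:  # with boto3: botocore.exceptions.ClientError
        code = str(getattr(exc, "response", {}).get("Error", {}).get("Code", ""))
        if code in MISSING:
            log.info("no %s in %s yet, starting with an empty list", key, bucket)
            return {"block": {}}
        raise  # throttling or other failures must not reset the block list
    return json.loads(s3.get_object(Bucket=bucket, Key=key)["Body"].read())


def merge_and_store(s3, bucket, new_blocked, key=KEY):
    """Merge new entries into the state and write it back to the bucket."""
    state = load_blocked(s3, bucket, key)
    state.setdefault("block", {}).update(new_blocked)  # values are opaque here
    s3.put_object(Bucket=bucket, Key=key, Body=json.dumps(state).encode())
    return state
```

Because a 403 on HeadObject can also be a genuine access denial, the write is left unguarded: a role that really cannot use the bucket still fails loudly at put_object instead of silently running with an empty list.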