This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
if response['LocationConstraint'] == None:
response['LocationConstraint'] = 'us-east-1'
if response['LocationConstraint'] != region:
raise Exception('Bucket located in a different region. S3 bucket and Log Parser Lambda (and therefore, you CloudFormation Stack) must be created in the same Region.')
To
if response['LocationConstraint'] == None:
response['LocationConstraint'] = 'us-east-1'
if response['LocationConstraint'] == 'EU':
response['LocationConstraint'] = 'eu-west-1'
if response['LocationConstraint'] != region:
raise Exception('Bucket located in a different region. S3 bucket and Log Parser Lambda (and therefore, you CloudFormation Stack) must be created in the same Region.')
There's an issue with setting the S3 client region in the custom-resource.py file when using older buckets in eu-west-1 region.
https://github.com/awslabs/aws-waf-security-automations/blob/master/source/custom-resource/custom-resource.py
We need to change this:
To
see the S3 region constraints located here: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region eu-west-1 is a special case which can return either eu-west-1 or EU as a location constraint.