This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
We already had a Lambda function partitioning CFront logs for input to some Athena queries.
For the WAF automation, the Lambda log parser is triggered by too broad an event prefix (/ or blank).
Meaning the stack fails due to overlapping prefixes. This sort of combines issues 84 and 91.
I am currently partitioning with an object copy from raw/.... to partitioned/ and also to AWSLogs, then removing the objects in raw/.
The current problem is that the template tries to put a trigger on files starting at the root (empty prefix) of the bucket. This requires removing the separate trigger for the partitioning. Since the Lambda log parser is coded to AWSLogs, why not have that as the prefix for the trigger?
Trying to cut down on bucket sprawl.
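
The overlap described in the issue can be checked before deploying. The following is an added example, not part of the original post or of the solution's code: it applies S3's rule that two notification configurations conflict when their prefixes overlap, their suffixes overlap and their event types overlap. The function names, configuration Ids and sample configurations are constructed; the dict layout follows the `LambdaFunctionConfigurations` entries of an S3 bucket notification configuration.

```python
# Added example: checks S3 notification configs for the overlap that S3 rejects.
# Function names, Ids and sample configs are constructed for illustration.

def _rule(cfg, name):
    """Return the prefix/suffix filter value; a missing rule matches every key."""
    rules = cfg.get("Filter", {}).get("Key", {}).get("FilterRules", [])
    return next((r["Value"] for r in rules if r["Name"].lower() == name), "")

def _events_overlap(a, b):
    """s3:ObjectCreated:* covers s3:ObjectCreated:Put and similar."""
    def covers(x, y):
        return x == y or (x.endswith("*") and y.startswith(x[:-1]))
    return any(covers(x, y) or covers(y, x) for x in a for y in b)

def conflicts(a, b):
    """True when prefixes, suffixes and event types all overlap."""
    pa, pb = _rule(a, "prefix"), _rule(b, "prefix")
    sa, sb = _rule(a, "suffix"), _rule(b, "suffix")
    return ((pa.startswith(pb) or pb.startswith(pa))
            and (sa.endswith(sb) or sb.endswith(sa))
            and _events_overlap(a["Events"], b["Events"]))

def find_conflicts(configs):
    """Return (Id, Id) pairs of configurations that overlap."""
    return [(a["Id"], b["Id"])
            for i, a in enumerate(configs)
            for b in configs[i + 1:] if conflicts(a, b)]

def make_config(cfg_id, prefix, events=("s3:ObjectCreated:*",)):
    """Build one constructed notification configuration entry."""
    rules = [{"Name": "prefix", "Value": prefix}] if prefix else []
    return {"Id": cfg_id, "Events": list(events),
            "Filter": {"Key": {"FilterRules": rules}}}

PARTITIONER = make_config("partition-logs", "raw/")
PARSER_ROOT = make_config("waf-log-parser", "")            # empty prefix, as in the issue
PARSER_SCOPED = make_config("waf-log-parser", "AWSLogs/")  # prefix proposed in the issue

if __name__ == "__main__":
    print(find_conflicts([PARTITIONER, PARSER_ROOT]))    # conflict reported
    print(find_conflicts([PARTITIONER, PARSER_SCOPED]))  # no conflict
```
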