Enhanced Document Understanding on AWS delivers an easy-to-use web application that ingests and analyzes documents, extracts content, identifies and redacts sensitive customer information, and creates search indexes from the analyzed data.
Describe the bug
We are using AWS EDUS v1.0.11.
When the HTTP request has the keyword “admin” in it, the request fails with a CORS error and never reaches the backend Lambda, with the error shown below.
To Reproduce
Open Developer Tools in the browser and go to the Console tab.
Log in to the EDUS solution and search, in the Kendra search box, for any keyword that has the word “admin” in it, e.g. “admin”, “admin-test” or “administrative”.
It turns out this issue was caused by the managed rule AWS-AWSManagedRulesAdminProtectionRuleSet in the WAF WebACL. After removing the rule, the search works.
Expected behavior: a Kendra search for the keyword 'admin' should return the documents that have 'admin' in them.
Please complete the following information about the solution:
Version: 1.0.11
Region: us-east-1
Was the solution modified from the version published on this repository? Yes
If the answer to the previous question was yes, are the changes available on GitHub? No
Have you checked your service quotas for the services this solution uses? Yes
Were there any errors in the CloudWatch Logs? The Lambda was not invoked; API Gateway returns a 403 error for the OPTIONS request. The error message from the browser is:
/search:1 Access to XMLHttpRequest at 'https://xxxx.execute-api.us-east-1.amazonaws.com/prod/search/kendra/admin' from origin 'https://xxxxx.cloudfront.net/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Screenshots
Additional context: the search works well for any other search text that doesn't contain 'admin'.
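The failure mode described in this issue (the managed rule group matches "admin" in the URI path, so the OPTIONS preflight gets a 403 before API Gateway can add the CORS headers) can be confirmed from WAF logs before anything is changed, and the rule group can be narrowed instead of removed. The following is an added example, not code from the issue or from the EDUS project. It assumes the JSON-lines WAF log format that WAF delivers to CloudWatch, S3 or Firehose, the boto3 wafv2 shape of WebACL rule dicts (as returned by get_web_acl and accepted by update_web_acl), and that the rule inside AWSManagedRulesAdminProtectionRuleSet is named AdminProtection_URIPATH (verify the rule name in your account). The sample log lines and sample rule are constructed for the example.

```python
"""Confirm which WAF rule blocked the /search/kendra/admin preflight and build
the WebACL update that overrides that rule to COUNT (visible in logs and
metrics, no longer blocking) rather than deleting the whole rule group."""
import copy
import json

RULE_GROUP_NAME = "AWSManagedRulesAdminProtectionRuleSet"
ADMIN_RULE = "AdminProtection_URIPATH"  # assumed rule name inside the group

# Constructed sample WAF log records (JSON lines); not taken from the issue.
SAMPLE_WAF_LOG = "\n".join(json.dumps(r) for r in [
    {
        "action": "BLOCK",
        "terminatingRuleId": "AWS-AWSManagedRulesAdminProtectionRuleSet",
        "terminatingRuleType": "MANAGED_RULE_GROUP",
        "httpRequest": {"httpMethod": "OPTIONS", "uri": "/prod/search/kendra/admin"},
        "ruleGroupList": [{
            "ruleGroupId": "AWS#AWSManagedRulesAdminProtectionRuleSet",
            "terminatingRule": {"ruleId": ADMIN_RULE, "action": "BLOCK"},
        }],
    },
    {
        "action": "ALLOW",
        "terminatingRuleId": "Default_Action",
        "terminatingRuleType": "REGULAR",
        "httpRequest": {"httpMethod": "POST", "uri": "/prod/search/kendra/invoice"},
        "ruleGroupList": [],
    },
    {
        "action": "BLOCK",
        "terminatingRuleId": "AWS-AWSManagedRulesAdminProtectionRuleSet",
        "terminatingRuleType": "MANAGED_RULE_GROUP",
        "httpRequest": {"httpMethod": "POST", "uri": "/prod/search/kendra/admin-test"},
        "ruleGroupList": [{
            "ruleGroupId": "AWS#AWSManagedRulesAdminProtectionRuleSet",
            "terminatingRule": {"ruleId": ADMIN_RULE, "action": "BLOCK"},
        }],
    },
])

# Constructed sample WebACL rule, in the shape boto3 wafv2 uses.
SAMPLE_RULES = [{
    "Name": "AWS-AWSManagedRulesAdminProtectionRuleSet",
    "Priority": 1,
    "OverrideAction": {"None": {}},
    "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": RULE_GROUP_NAME}},
    "VisibilityConfig": {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
                         "MetricName": "AdminProtection"},
}]


def blocked_by_admin_protection(log_text):
    """Return (method, uri, rule_id) for every request the admin-protection
    rule group terminated with BLOCK. Blank lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("action") != "BLOCK":
            continue
        for group in rec.get("ruleGroupList", []):
            term = group.get("terminatingRule") or {}
            if group.get("ruleGroupId", "").endswith(RULE_GROUP_NAME) and term.get("action") == "BLOCK":
                req = rec.get("httpRequest", {})
                hits.append((req.get("httpMethod"), req.get("uri"), term.get("ruleId")))
    return hits


def count_override(rules):
    """Return (new_rules, changed): a deep copy of the WebACL rules in which the
    admin-protection managed rule group carries a RuleActionOverrides entry
    setting ADMIN_RULE to Count. Idempotent: an existing override is left alone."""
    new_rules = copy.deepcopy(rules)
    changed = 0
    for rule in new_rules:
        stmt = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if not stmt or stmt.get("Name") != RULE_GROUP_NAME:
            continue
        overrides = stmt.setdefault("RuleActionOverrides", [])
        if not any(o.get("Name") == ADMIN_RULE for o in overrides):
            overrides.append({"Name": ADMIN_RULE, "ActionToUse": {"Count": {}}})
            changed += 1
    return new_rules, changed


if __name__ == "__main__":
    for method, uri, rule_id in blocked_by_admin_protection(SAMPLE_WAF_LOG):
        print(f"blocked {method} {uri} by {rule_id}")
    updated, n = count_override(SAMPLE_RULES)
    print(f"{n} rule group(s) updated:")
    print(json.dumps(updated, indent=2))
```

To apply the change for real, fetch the WebACL with boto3 (`wafv2.get_web_acl(Name=..., Scope=..., Id=...)`, where Scope is CLOUDFRONT or REGIONAL depending on where the ACL is attached), pass its `Rules` to `count_override`, and send the result back with `update_web_acl` together with the `LockToken` from the get call. Overriding to COUNT keeps the rule's matches in WAF logs and CloudWatch metrics, so the `blocked_by_admin_protection` check (looking for `action == "COUNT"` instead) still shows which requests would have been blocked; a scope-down statement excluding the search path is the tighter alternative if the rule should keep blocking elsewhere.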