aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

[aws-wafv2] WebAcl Rule parsing issue #9506

Closed vinnar closed 4 years ago

vinnar commented 4 years ago

Creating a WAF rule in the stack fails, with the error complaining about the type of multiple input params.

Reproduction Steps

const webACL = new wafv2.CfnWebACL(this, 'WebACL', {
  description,
  scope: 'CLOUDFRONT',
  defaultAction: {
    block: {},
  },
  visibilityConfig: {
    sampledRequestsEnabled: true,
    cloudWatchMetricsEnabled: true,
    metricName: 'WAFWebACLMetric',
  },
  rules: [
    {
      name: 'RulesOne',
      priority: 1,
      action: {
        allow: {},
      },
      visibilityConfig: {
        sampledRequestsEnabled: true,
        cloudWatchMetricsEnabled: true,
        metricName: 'RuleOneMetric',
      },
      statement: {
        ipSetReferenceStatement: ipSet.attrArn,
      },
    },
  ],
});

What did you expect to happen?

What actually happened?

3/13 | 11:10:13 PM | CREATE_IN_PROGRESS | AWS::WAFv2::WebACL | WebACL
4/13 | 11:10:16 PM | CREATE_FAILED | AWS::WAFv2::WebACL | WebACL Model validation failed (#/Rules/0/Priority: expected type: Number, found: String

/Rules/0/Statement/IPSetReferenceStatement: expected type: JSONObject, found: String

/Rules/0/VisibilityConfig/SampledRequestsEnabled: expected type: Boolean, found: String

/Rules/0/VisibilityConfig/CloudWatchMetricsEnabled: expected type: Boolean, found: String

/VisibilityConfig/SampledRequestsEnabled: expected type: Boolean, found: String

/VisibilityConfig/CloudWatchMetricsEnabled: expected type: Boolean, found: String)

new InfraStack (/<directory-location-of-repo>/infra/lib/infra-stack.js:70:20)
\_ Object.<anonymous> (/<directory-location-of-repo>/infra/bin/infra.js:31:15)
\_ Module._compile (internal/modules/cjs/loader.js:1151:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1171:10)
\_ Module.load (internal/modules/cjs/loader.js:1000:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:899:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
\_ internal/main/run_main_module.js:17:47

Environment

Other

package.json dependencies:

"devDependencies": {
  "@aws-cdk/assert": "1.26.0",
  "aws-cdk": "1.26.0",
  "jest": "^24.9.0",
  "eslint": "^6.8.0",
  "eslint-config-airbnb-base": "^14.0.0",
  "eslint-plugin-import": "^2.20.1"
},
"dependencies": {
  "@aws-cdk/core": "1.26.0",
  "@aws-cdk/aws-cloudfront": "^1.27.0",
  "@aws-cdk/aws-iam": "^1.27.0",
  "@aws-cdk/aws-route53": "^1.27.0",
  "@aws-cdk/aws-route53-targets": "^1.27.0",
  "@aws-cdk/aws-s3": "1.26.0",
  "@aws-cdk/aws-s3-assets": "^1.27.0",
  "@aws-cdk/aws-s3-deployment": "^1.27.0",
  "@aws-cdk/aws-wafv2": "^1.27.0",
  "dotenv": "^8.2.0",
  "js-yaml": "^3.13.1"
}

In the CodePipeline buildspec file I force it to install the aws-cdk version mentioned in devDependencies. This had worked without error until last month.


This is :bug: Bug Report

rix0rrr commented 4 years ago

In the template that gets generated, does it say:

      # If you see this, it might be a CDK issue
      Priority: "1",

Or:

      # If you see this, it's probably just impossible to use WAF v2 using
      # YAML templates and that should be reported as a bug to CloudFormation.
      Priority: 1

vinnar commented 4 years ago

I opened a ticket with AWS support and this is the feedback I got (which worked):

Original: statement: { ipSetReferenceStatement: ipSet.attrArn, },

Should be: statement: { ipSetReferenceStatement:{ Arn: ipSet.attrArn } },

So I went back to look at the API reference and I confirmed that ipSetReferenceStatement is a property of object type: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-wafv2.CfnWebACL.IPSetReferenceStatementProperty.html
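
A pre-deploy check for the type mismatch resolved in this thread, as an added example that is not part of the thread or of aws-cdk: it walks the Properties of a synthesized AWS::WAFv2::WebACL resource, including nested And/Or/Not statements, and reports values whose type differs from what the validation error expects. The function names, the `IPSet` logical ID and the rule that an intrinsic function counts as a String are assumptions.

```javascript
'use strict';
// Added example (not aws-cdk code). Assumption: an intrinsic such as Fn::GetAtt
// resolves to a String, which matches the "found: String" error quoted in the issue.
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
const isIntrinsic = (v) => Object.keys(v).length === 1 && /^(Ref|Fn::.+)$/.test(Object.keys(v)[0]);
function typeName(v) {
  if (isObj(v)) return isIntrinsic(v) ? 'String' : 'JSONObject';
  return { string: 'String', number: 'Number', boolean: 'Boolean' }[typeof v] || typeof v;
}
function expectType(errors, path, value, wanted) {
  const found = typeName(value);
  if (found !== wanted) errors.push(`${path}: expected type: ${wanted}, found: ${found}`);
  return found === wanted;
}
function checkStatement(errors, path, stmt) {
  if (!expectType(errors, path, stmt, 'JSONObject')) return;
  if ('IPSetReferenceStatement' in stmt) {
    const p = `${path}/IPSetReferenceStatement`;
    const ref = stmt.IPSetReferenceStatement;
    if (expectType(errors, p, ref, 'JSONObject') && !('Arn' in ref)) errors.push(`${p}: missing Arn`);
  }
  for (const key of ['AndStatement', 'OrStatement']) { // nested statement lists
    const list = isObj(stmt[key]) && Array.isArray(stmt[key].Statements) ? stmt[key].Statements : [];
    list.forEach((s, i) => checkStatement(errors, `${path}/${key}/Statements/${i}`, s));
  }
  if (isObj(stmt.NotStatement)) checkStatement(errors, `${path}/NotStatement/Statement`, stmt.NotStatement.Statement);
}
function checkVisibility(errors, path, vc = {}) {
  for (const k of ['SampledRequestsEnabled', 'CloudWatchMetricsEnabled']) expectType(errors, `${path}/${k}`, vc[k], 'Boolean');
}
function checkWebAcl(props) {
  const errors = [];
  checkVisibility(errors, '#/VisibilityConfig', props.VisibilityConfig);
  (props.Rules || []).forEach((rule, i) => {
    expectType(errors, `#/Rules/${i}/Priority`, rule.Priority, 'Number');
    checkVisibility(errors, `#/Rules/${i}/VisibilityConfig`, rule.VisibilityConfig);
    checkStatement(errors, `#/Rules/${i}/Statement`, rule.Statement);
  });
  return errors;
}
// Constructed sample mirroring the stack in the issue; "IPSet" is a made-up logical ID.
const arn = { 'Fn::GetAtt': ['IPSet', 'Arn'] };
const vis = (name) => ({ SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: name });
const webAcl = (statement, priority = 1) => ({
  Scope: 'CLOUDFRONT', DefaultAction: { Block: {} }, VisibilityConfig: vis('WAFWebACLMetric'),
  Rules: [{ Name: 'RulesOne', Priority: priority, Action: { Allow: {} }, VisibilityConfig: vis('RuleOneMetric'), Statement: statement }],
});
console.log(checkWebAcl(webAcl({ IPSetReferenceStatement: arn })));          // form from the report
console.log(checkWebAcl(webAcl({ IPSetReferenceStatement: { Arn: arn } }))); // form that deployed
```

Boolean and Priority values supplied through an intrinsic function would be flagged by this check, so it suits templates that set those fields as literals.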

afsalcodehack commented 4 years ago

@vinnar, @rix0rrr I have the same issue in C# and am still getting the error https://github.com/aws/aws-cdk/issues/10058, and there is no class called IPSetReferenceStatementProperty in the .NET library.