Closed BhanuCh closed 7 years ago
Can you paste a snippet that is able to reproduce this error, as well as a debug log (you can enable it with boto3.set_stream_logger(name='botocore'))?
Hello, see the Python program that is throwing the error. See the attached log file as you requested.
#!/usr/bin/python
import boto3

# Profile and resource names (redacted)
AWS_PROFILE = "XXXXXXXXXXX"
ENV = "Dev"
ALB_NAME = "XXXXXXXXXXX"
WEB_ACL_NAME = 'R-{}-alb-web-acl'.format(ENV)
WEB_ACL_RULE_NAME = 'R-{}-alb-web-acl-rule'.format(ENV)
WEB_ACL_IP_SET_NAME = 'R{}AlbWebAclIpSetBlackList'.format(ENV)

# Emit botocore debug logging for every request
boto3.set_stream_logger(name='botocore')

session = boto3.Session(profile_name=AWS_PROFILE)
waf = session.client('waf-regional')
alb = session.client('elbv2')

# Look up the ARN of the load balancer by name
alb_response = alb.describe_load_balancers(Names=[ALB_NAME])
alb_arn = alb_response["LoadBalancers"][0]["LoadBalancerArn"]
print(alb_arn)

# Associate the web ACL with the ALB (this is the call that fails)
web_acl_id = "XXXXXXXXX"
waf.associate_web_acl(WebACLId=web_acl_id, ResourceArn=alb_arn)
I'm seeing the following error in your debug log:
botocore.errorfactory.WAFNonexistentItemException: An error occurred (WAFNonexistentItemException) when calling the AssociateWebACL operation: The referenced item does not exist.
Looks like the way you're generating the arn and/or id may not be the same in your script as you're doing for the CLI.
If you need any further assistance I would recommend making use of our community resources.
Just FYI, we found that we had to wait a substantial amount of time before we could connect up a webacl to a newly created ALB. Specifically, it seems that we needed to wait until the ALB was active, in some cases 2.5 minutes, before calling on the AssociateWebACL would associate without an entity error being thrown.
shout out to @loganmeetsworld for these findings
I am having the same issue with BOTO3 while associating an existing ALB with a newly created Web ACL. The documentation doesn't say anything else other than to retry.
I have written a Python program to attach a Web ACL to an Application Load Balancer. The function always fails and returns:
botocore.errorfactory.WAFUnavailableEntityException: An error occurred (WAFUnavailableEntityException) when calling the AssociateWebACL operation: An entity is unavailable for modification or display. Please retry.
Code in my program:
waf.associate_web_acl(WebACLId=web_acl_id,ResourceArn=alb_arn)
When I do the same operation using the AWS CLI, it succeeds:
aws waf-regional associate-web-acl --web-acl-id XXXXXXX --resource-arn XXXXXXX
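The wait-then-retry approach described in the comments above, as an added example that is not part of the original thread or of boto3: it waits for the ALB with the elbv2 `load_balancer_available` waiter, retries only `WAFUnavailableEntityException` with backoff, and then confirms the ALB is actually behind the web ACL. The function name `associate_when_ready` and the attempt and delay values are assumptions.

```python
import time


def associate_when_ready(waf, alb, web_acl_id, alb_arn,
                         attempts=8, base_delay=5.0, max_delay=60.0,
                         sleep=time.sleep):
    """Associate a regional web ACL with an ALB; return the number of tries.

    waf and alb are boto3 clients created as in the script above:
    session.client('waf-regional') and session.client('elbv2').
    attempts, base_delay and max_delay are assumed values, tune as needed.
    """
    # Poll DescribeLoadBalancers until the ALB state is 'active'.
    alb.get_waiter('load_balancer_available').wait(LoadBalancerArns=[alb_arn])

    delay = base_delay
    for attempt in range(1, attempts + 1):
        try:
            waf.associate_web_acl(WebACLId=web_acl_id, ResourceArn=alb_arn)
            break
        except waf.exceptions.WAFUnavailableEntityException:
            # The only error the service asks callers to retry. A
            # WAFNonexistentItemException (wrong id or ARN) propagates at once.
            if attempt == attempts:
                raise
            sleep(delay)
            delay = min(delay * 2, max_delay)

    # Confirm the ALB is really behind the ACL before reporting success.
    summary = waf.get_web_acl_for_resource(ResourceArn=alb_arn).get(
        'WebACLSummary', {})
    if summary.get('WebACLId') != web_acl_id:
        raise RuntimeError('ALB %s is not associated with web ACL %s'
                           % (alb_arn, web_acl_id))
    return attempt
```

Letting the final failure raise, rather than logging and continuing, keeps a deployment from finishing with a load balancer that is serving traffic without its web ACL.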