Closed aditya-inapp closed 3 years ago
The issue seems to be that only one ACL can be associated with these resources. Hence the last ACL to be attached remains associated. As for Terraform, the resources are created; I think the removal of the association is done implicitly by AWS.
Hi @aditya-inapp, thank you for raising this issue. While the WebACL to resource relationship is one-to-many, looks like AWS unfortunately has some restrictions as you've come across. So with the configuration you've provided, the resources cannot be re-used across the multiple webACLs.
You can associate each AWS resource with only one web ACL. The relationship between web ACL and AWS resources is one-to-many.
You can associate a web ACL with one or more CloudFront distributions. You can't associate a web ACL that you've associated with a CloudFront distribution with any other AWS resource type.
Ref: https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-associating-aws-resource.html
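A check for the behaviour discussed in this thread, as an added example that is not part of the issue or of the provider's code: it reads state in the shape of `terraform show -json` output and reports any resource ARN that appears in associations for more than one web ACL, which Terraform applies without error while AWS keeps only the last one. The sample state, ARNs, ACL names and function names are constructed; the two association resource types are assumed to be the ones in use, since the issue's configuration is not shown on the page.

```python
from collections import defaultdict

# Association resource types in the Terraform AWS provider, mapped to the
# attribute that identifies the web ACL in each (assumed to cover this issue).
ASSOC_TYPES = {
    "aws_wafv2_web_acl_association": "web_acl_arn",
    "aws_wafregional_web_acl_association": "web_acl_id",
}

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def conflicting_associations(state):
    """Return {resource_arn: [web ACLs]} for ARNs tied to more than one web ACL."""
    root = state.get("values", {}).get("root_module", {})
    acls = defaultdict(set)
    for res in walk(root):
        attr = ASSOC_TYPES.get(res.get("type"))
        vals = res.get("values") or {}
        if attr and vals.get("resource_arn") and vals.get(attr):
            acls[vals["resource_arn"]].add(vals[attr])
    return {arn: sorted(ids) for arn, ids in acls.items() if len(ids) > 1}

# Constructed sample data: placeholder ARNs and web ACL names, not from the issue.
ALB = "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/example/0000000000000000"
API = "arn:aws:apigateway:us-east-1::/restapis/example/stages/prod"

def assoc(name, acl, arn):
    """Build one association entry as it appears in `terraform show -json`."""
    kind = "aws_wafv2_web_acl_association"
    return {"address": f"{kind}.{name}", "type": kind,
            "values": {"web_acl_arn": acl, "resource_arn": arn}}

SAMPLE = {"values": {"root_module": {
    "resources": [assoc("a_alb", "acl-a", ALB), assoc("a_api", "acl-a", API)],
    # The second ACL attaches the same ALB from a child module.
    "child_modules": [{"resources": [assoc("b_alb", "acl-b", ALB)]}],
}}}

if __name__ == "__main__":
    for arn, ids in conflicting_associations(SAMPLE).items():
        print(f"{arn} is claimed by {len(ids)} web ACLs: {', '.join(ids)}")
```

Run against real state, the input would be the parsed output of `terraform show -json`; any ARN reported is one where only the most recently attached web ACL is actually in effect.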
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
https://gist.github.com/aditya-inapp/71f63542d390e43dd1d871a429504d17
https://gist.github.com/aditya-inapp/c3532e4d9d7dc18ef82fee07d54e0692
Panic Output
Expected Behavior
All 3 API GW/ALB attached to each ACL
Actual Behavior
Each API GW/ALB is getting attached to any ONE ACL without error in TF scripts
Steps to Reproduce
terraform apply