Open mahela-aws opened 1 year ago
Just leaving a note to say I've hit something similar with 1.3.x and the 5.0 provider, that per #30080 was resolved (or at least worked around) by using TF 1.4.6
@Dogers I have tried to upgrade the terraform version to see if that works, but no luck
Plan: 1 to add, 0 to change, 0 to destroy.
aws_wafv2_web_acl.main: Creating...
╷
│ Error: creating WAFv2 WebACL (buynomics-dev2-webaclv2): WAFInvalidOperationException: Your request contains fields that belong to a feature you are not allowed to use.
│
│ with aws_wafv2_web_acl.main,
│ on main.tf line 21, in resource "aws_wafv2_web_acl" "main":
│ 21: resource "aws_wafv2_web_acl" "main" {
│
╵
╭─ ~/buynomics-code/base-infrastructure/test feat/DOM-165-waf-atp !1 ?1 ···························································································· 11s AWS development 05:23:22 pm ─╮
╰─❯ terraform --version ─╯
Terraform v1.4.6
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.1.0
Sounds like you're using third party rules? Might be worth checking they're correctly signed up in the account?
@Dogers what do you mean by a third party rule? All the existing rules were working just fine; the only thing causing the error is when I'm trying to add the below rule
rule {
  name     = "AccountTakeOverPrevention"
  priority = 2
  override_action {
    count {}
  }
  statement {
    managed_rule_group_statement {
      name        = "AWSManagedRulesATPRuleSet"
      vendor_name = "AWS"
      managed_rule_group_configs {
        aws_managed_rules_atp_rule_set {
          login_path = var.bn_context == "review" ? "/admin-${var.bn_context}" : "/admin"
          request_inspection {
            password_field {
              identifier = "/password"
            }
            payload_type = "JSON"
            username_field {
              identifier = "/username"
            }
          }
          response_inspection {
            status_code {
              failure_codes = ["403"]
              success_codes = ["200"]
            }
          }
        }
      }
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = "${lower(var.custom_metric_name)}AccountTakeOverPrevention"
    sampled_requests_enabled   = true
  }
}
Running terraform for this rule aws_managed_rules_acfp_rule_set in a rule group throws an error of invalid code block and feature not supported. Invalid operation. Any help on this please?
WAFInvalidOperationException: Your request contains fields that belong to a feature you are not allowed to use.
│
│ with aws_wafv2_web_acl.waf_acl,
│ on main.tf line 1, in resource "aws_wafv2_web_acl" "waf_acl":
│ 1: resource "aws_wafv2_web_acl" "waf_acl" {
Terraform Core Version
v1.3.7
AWS Provider Version
v4.67.0
Affected Resource(s)
aws_wafv2_web_acl
Expected Behavior
We should be able to apply this configuration successfully.
Actual Behavior
It's throwing the below error when applying.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
Try to apply this code; it should throw the given error.