hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Error when working with '*' in waf regex string #34026

Open brianhob27 opened 1 year ago

brianhob27 commented 1 year ago

Terraform Core Version

1.5.7

AWS Provider Version

5.20.1

Affected Resource(s)

aws_wafv2_web_acl regex_match_statement

Expected Behavior

When using a regex string "(*UTF8)^{1,100}$" to check for a string of 100 characters in UTF-8 format, the WAF rule statement should build and deploy successfully.

Actual Behavior

An error message is thrown, failing to build and deploy to AWS WAF.

Relevant Error/Panic Output Snippet

rule.1.statement.0.and_statement.0.statement.1.regex_match_statement.0.regex_string": error parsing regexp: missing argument to repetition operator: `*`

Terraform Configuration Files

  "resource": {
    "aws_cloudwatch_log_group": {
      "aws-waf-logs-main-waf-input-validation_dev_us-west-2": {
        "//": {
          "metadata": {
            "path": "main-waf-input-validation_dev_us-west-2/aws-waf-logs-main-waf-input-validation_dev_us-west-2",
            "uniqueId": "aws-waf-logs-main-waf-input-validation_dev_us-west-2"
          }
        },
        "name": "aws-waf-logs-main-waf-input-validation_dev_us-west-2",
        "retention_in_days": 90,
        "tags": {
          "adsk:moniker": "TEST360-C-UW2"
        }
      }
    },
    "aws_wafv2_web_acl": {
      "main-waf-input-validation_dev_us-west-2": {
        "//": {
          "metadata": {
            "path": "main-waf-input-validation_dev_us-west-2/main-waf-input-validation_dev_us-west-2",
            "uniqueId": "main-waf-input-validation_dev_us-west-2"
          }
        },
        "default_action": {
          "block": {
          }
        },
        "name": "main-waf-input-validation_dev_us-west-2",
        "rule": [
          {
            "action": {
              "allow": {
              }
            },
            "name": "TestRule",
            "priority": 0,
            "statement": {
              "and_statement": {
                "statement": [
                  {
                    "regex_match_statement": {
                      "field_to_match": {
                        "uri_path": {
                        }
                      },
                      "regex_string": "/main",
                      "text_transformation": [
                        {
                          "priority": 0,
                          "type": "NONE"
                        }
                      ]
                    }
                  },
                  {
                    "regex_match_statement": {
                      "field_to_match": {
                        "single_query_argument": {
                          "name": "filename"
                        }
                      },
                      "regex_string": "(*UTF8)^{1,100}$",
                      "text_transformation": [
                        {
                          "priority": 0,
                          "type": "NONE"
                        }
                      ]
                    }
                  }
                ]
              }
            },
            "visibility_config": {
              "cloudwatch_metrics_enabled": true,
              "metric_name": "TestRule",
              "sampled_requests_enabled": true
            }
          }
        ],
        "scope": "REGIONAL",
        "tags": {
          "adsk:moniker": "TEST360-C-UW2"
        },
        "visibility_config": {
          "cloudwatch_metrics_enabled": true,
          "metric_name": "main-waf-input-validation_dev_us-west-2",
          "sampled_requests_enabled": true
        }
      }
    },
    "aws_wafv2_web_acl_logging_configuration": {
      "main-waf-input-validation_dev_us-west-2_logging_configuration": {
        "//": {
          "metadata": {
            "path": "main-waf-input-validation_dev_us-west-2/main-waf-input-validation_dev_us-west-2_logging_configuration",
            "uniqueId": "main-waf-input-validation_dev_us-west-2_logging_configuration"
          }
        },
        "log_destination_configs": [
          "${aws_cloudwatch_log_group.aws-waf-logs-main-waf-input-validation_dev_us-west-2.arn}"
        ],
        "resource_arn": "${aws_wafv2_web_acl.main-waf-input-validation_dev_us-west-2.arn}"
      }
    }
  },

Steps to Reproduce

1. Create a regex rule statement '(*UTF8)^{1,100}$'
2. Use cdktf to deploy to AWS

Debug Output

rule.1.statement.0.and_statement.0.statement.1.regex_match_statement.0.regex_string": error parsing regexp: missing argument to repetition operator: *

Panic Output

No response

Important Factoids

This regex string (*UTF8)^{1,100}$ works in the AWS WAF web console.

Looks like Terraform is trying to validate the regex statement against a different regex engine than AWS WAF v2. Is it possible to have an option to remove the validation? Or to change to the same regex engine as AWS?

References

No response

Would you like to implement a fix?

No
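
An added example, not part of the original issue or the provider's code: the error text in the report is the one Go's `regexp` package produces, so this Go check walks a Terraform JSON config and flags every `regex_string` that `regexp.Compile` rejects before a deploy is attempted. `Finding`, `walk`, `CheckConfig` and the trimmed sample config are constructed for illustration, and it is an assumption that the provider's validation behaves like `regexp.Compile`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Finding is one regex_string that Go's regexp package (RE2 syntax) rejects.
type Finding struct{ Path, Pattern, Err string }

// walk descends through decoded JSON and compiles every "regex_string" value.
func walk(node any, path string, out *[]Finding) {
	switch v := node.(type) {
	case map[string]any:
		for k, child := range v {
			p := path + "." + k
			if s, ok := child.(string); !ok || k != "regex_string" {
				walk(child, p, out)
			} else if _, err := regexp.Compile(s); err != nil {
				*out = append(*out, Finding{p, s, err.Error()})
			}
		}
	case []any:
		for i, child := range v {
			walk(child, fmt.Sprintf("%s.%d", path, i), out)
		}
	}
}

// CheckConfig assumes the provider's plan-time check behaves like regexp.Compile.
func CheckConfig(doc []byte) ([]Finding, error) {
	var root any
	if err := json.Unmarshal(doc, &root); err != nil {
		return nil, err
	}
	var out []Finding
	walk(root, "$", &out)
	return out, nil
}

// sample is a constructed, trimmed copy of the two statements in the report.
const sample = `{"statement":[{"regex_match_statement":{"regex_string":"/main"}},
 {"regex_match_statement":{"regex_string":"(*UTF8)^{1,100}$"}}]}`

func main() {
	findings, err := CheckConfig([]byte(sample))
	fmt.Printf("%+v %v\n", findings, err)
}
```

A pattern flagged here may still be accepted by the AWS WAF console, as the report describes; the check only predicts whether the local validation will reject it.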
