hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_wafv2_web_acl rule_json throwing errors for specific json rules #39787

Open dpatelmxr opened 3 hours ago

dpatelmxr commented 3 hours ago

Description

I have successfully created some rules without errors, but for this block I get an error. I have tried using the non-JSON rule format for the same exact rule below and it works just fine. I then copied the JSON format of these rules from the AWS WAF console to make sure my JSON formatting was correct, and it still fails.

For my environments I have WAF configured with 60+ rules, and it makes it much easier to work with JSON while working on newer envs that require similar rules or while making sure live rules match up with our Terraform. I am glad that rule_json is available now and I am working on migrating current WAFs to Terraform, but I am hitting this error.

Terraform Core Version

v1.5.7

AWS Provider Version

v5.72.1

Affected Resource(s)

aws_wafv2_web_acl

Expected Behavior

aws_wafv2_web_acl.web_acl: Modifying...
aws_wafv2_web_acl.web_acl: Modifications complete after 1s

Actual Behavior

aws_wafv2_web_acl.web_acl: Modifying...
╷
│ Error: expanding WAFv2 WebACL JSON rule (xxxx): decoding JSON: illegal base64 data at input byte 7
│
│   with aws_wafv2_web_acl.web_acl,
│   on waf.tf line 14, in resource "aws_wafv2_web_acl" "web_acl":
│   14: resource "aws_wafv2_web_acl" "web_acl" {

Terraform Configuration Files

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "5.72.1"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
}

resource "aws_wafv2_web_acl" "web_acl" {

  description = "WAFv2 for use with CloudFront."
  name        = "example_waf"
  scope       = "CLOUDFRONT"

  default_action {
    block {}
  }

  rule_json = jsonencode(
    [
      {
        "Name": "example_rule0",
        "Priority": 0,
        "Statement": {
          "ByteMatchStatement": {
            "SearchString": "example.com",
            "FieldToMatch": {
              "SingleHeader": {
                "Name": "host"
              }
            },
            "TextTransformations": [
              {
                "Priority": 0,
                "Type": "NONE"
              }
            ],
            "PositionalConstraint": "EXACTLY"
          }
        },
        "Action": {
          "Block": {}
        },
        "VisibilityConfig": {
          "SampledRequestsEnabled": true,
          "CloudWatchMetricsEnabled": true,
          "MetricName": "example_rule0"
        }
      },
      {
        "Name": "example_rule1",
        "Priority": 1,
        "Statement": {
          "AndStatement": {
            "Statements": [
              {
                "ByteMatchStatement": {
                  "SearchString": "example.com",
                  "FieldToMatch": {
                    "SingleHeader": {
                      "Name": "host"
                    }
                  },
                  "TextTransformations": [
                    {
                      "Priority": 0,
                      "Type": "NONE"
                    }
                  ],
                  "PositionalConstraint": "EXACTLY"
                }
              },
              {
                "ByteMatchStatement": {
                  "SearchString": "/example/",
                  "FieldToMatch": {
                    "UriPath": {}
                  },
                  "TextTransformations": [
                    {
                      "Priority": 0,
                      "Type": "NONE"
                    }
                  ],
                  "PositionalConstraint": "STARTS_WITH"
                }
              }
            ]
          }
        },
        "Action": {
          "Block": {}
        },
        "VisibilityConfig": {
          "SampledRequestsEnabled": true,
          "CloudWatchMetricsEnabled": true,
          "MetricName": "example_rule1"
        }
      }
    ]
  )

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example_waf"
    sampled_requests_enabled   = true
  }
}

Would you like to implement a fix?

No
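The error text "illegal base64 data at input byte 7" is what Go's encoding/json produces when a JSON string is decoded into a []byte field and the string is not base64; byte 7 of "example.com" is the '.'. The Go program below is an added example, not code from the provider or from the reporter, that reproduces that decoder behaviour on a stripped-down rule type. It assumes (consistent with the error text, but not confirmed on this page) that the provider decodes rule_json into a Go struct whose SearchString is []byte; the struct here is a constructed stand-in, not the AWS SDK type, and RuleJSON builds a constructed sample modelled on example_rule0. It also shows what the same rule decodes to when the SearchString is base64-encoded, which is what Terraform's base64encode() would produce on the HCL side.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Simplified stand-in for the Go types a JSON decoder would target for a
// WAFv2 rule. Assumption: the real SDK/provider types carry many more
// fields; the one that matters here is SearchString being []byte.
type byteMatchStatement struct {
	SearchString         []byte `json:"SearchString"`
	PositionalConstraint string `json:"PositionalConstraint"`
}

type statement struct {
	ByteMatchStatement *byteMatchStatement `json:"ByteMatchStatement,omitempty"`
}

type rule struct {
	Name      string    `json:"Name"`
	Priority  int       `json:"Priority"`
	Statement statement `json:"Statement"`
}

// DecodeRules unmarshals a JSON array of rules. encoding/json requires a
// base64 string for any []byte field, so plain text in SearchString fails
// with "illegal base64 data at input byte N".
func DecodeRules(raw string) ([]rule, error) {
	var rules []rule
	if err := json.Unmarshal([]byte(raw), &rules); err != nil {
		return nil, fmt.Errorf("decoding JSON: %w", err)
	}
	return rules, nil
}

// SearchStringOf returns the decoded search text of the first rule's
// ByteMatchStatement, or "" when there is none.
func SearchStringOf(rules []rule) string {
	if len(rules) == 0 || rules[0].Statement.ByteMatchStatement == nil {
		return ""
	}
	return string(rules[0].Statement.ByteMatchStatement.SearchString)
}

// EncodeSearchString does what Terraform's base64encode() does on the HCL
// side: it turns plain search text into the form a []byte field accepts.
func EncodeSearchString(plain string) string {
	return base64.StdEncoding.EncodeToString([]byte(plain))
}

// Base64ErrorOffset reports whether err came from non-base64 input and,
// if so, the offending byte offset (7 for "example.com", the '.').
func Base64ErrorOffset(err error) (int, bool) {
	var cie base64.CorruptInputError
	if errors.As(err, &cie) {
		return int(cie), true
	}
	return 0, false
}

// RuleJSON builds a minimal single-rule document (constructed sample,
// modelled on the issue's example_rule0) with the given SearchString.
func RuleJSON(searchString string) string {
	return fmt.Sprintf(`[{"Name":"example_rule0","Priority":0,"Statement":{"ByteMatchStatement":{"SearchString":%q,"PositionalConstraint":"EXACTLY"}}}]`, searchString)
}

func main() {
	// Plain text, as in the reported configuration: fails to decode.
	if _, err := DecodeRules(RuleJSON("example.com")); err != nil {
		off, _ := Base64ErrorOffset(err)
		fmt.Printf("plain text: %v (offset %d)\n", err, off)
	}
	// Base64-encoded, as base64encode("example.com") would produce: decodes.
	rules, err := DecodeRules(RuleJSON(EncodeSearchString("example.com")))
	if err != nil {
		panic(err)
	}
	fmt.Printf("base64: search string decodes back to %q\n", SearchStringOf(rules))
}
```

Running it prints the same "decoding JSON: illegal base64 data at input byte 7" message for the plain-text form and recovers "example.com" from the base64 form, so a rule_json whose SearchString values are wrapped in base64encode() is the configuration-side check worth trying while the behaviour is being confirmed against the provider.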

github-actions[bot] commented 3 hours ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue