hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Cannot Add Subscription WAF Rule to aws_wafregional_web_acl #6105

Closed ghost closed 6 years ago

ghost commented 6 years ago

This issue was originally opened by @drogerschariot as hashicorp/terraform#19006. It was migrated here as a result of the provider split. The original body of the issue is below.


I'm trying to add a subscription WAF Rule to aws_wafregional_web_acl but getting errors. Keep in mind the rule_id is correct, and works with aws_waf_web_acl.

Terraform Version

Terraform v0.11.8
+ provider.aws v1.35.0

Terraform Configuration Files

resource "aws_wafregional_web_acl" "foo" {
  name        = "foo"
  metric_name = "foo"

  default_action {
    type = "ALLOW"
  }

  rule {
    override_action {
      type = "NONE"
    }

    type     = "GROUP"
    priority = 2
    rule_id  = "<subscription_rule_id>"
  }
}

Debug Output

Crash Output

Expected Behavior

Added the WAF Subscription to the Regional ACL.

Actual Behavior

Error: Error applying plan:

1 error(s) occurred:

Terraform does not automatically rollback in the face of errors. Instead, your Terraform state file has been partially updated with any resources that successfully completed. Please address the error above and apply again to incrementally change your infrastructure.

Steps to Reproduce

  1. terraform apply

Additional Context

If I create the Regional WAF ACL in the AWS GUI, I can add my subscription rule, and associate it with my ALB.

References

naisayer commented 6 years ago

I just had a similar issue. Double-check the rule_id; the waf and waf-regional CLI report a different rule_id for the same rule in the same region:

aws waf-regional list-subscribed-rule-groups vs aws waf list-subscribed-rule-groups

drogerschariot commented 6 years ago

That was it @naisayer thanks! For anyone that needs to find the regional rule id for subscribed rules using AWS CLI, run the following: aws waf-regional list-subscribed-rule-groups
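The check described in this thread, as an added example that is not part of the original issue or the provider's code: it takes the JSON printed by `aws waf list-subscribed-rule-groups` and `aws waf-regional list-subscribed-rule-groups` and reports whether a `rule_id` intended for `aws_wafregional_web_acl` actually came from the global listing. The sample listings, IDs and the function name `check_regional_rule_id` are constructed for illustration, and matching the two listings by `Name` is an assumption.

```python
import json

# Constructed sample output of the two CLI commands; the IDs and the rule
# group name are placeholders, not real subscription values.
WAF_GLOBAL = json.dumps({"RuleGroups": [
    {"RuleGroupId": "global-0000-example", "Name": "Example Vendor Rules",
     "MetricName": "ExampleVendorRules"}]})
WAF_REGIONAL = json.dumps({"RuleGroups": [
    {"RuleGroupId": "regional-1111-example", "Name": "Example Vendor Rules",
     "MetricName": "ExampleVendorRules"}]})


def _by_id(listing_json):
    """Map RuleGroupId -> summary for one list-subscribed-rule-groups output."""
    return {g["RuleGroupId"]: g for g in json.loads(listing_json).get("RuleGroups", [])}


def check_regional_rule_id(rule_id, global_json, regional_json):
    """Classify a rule_id meant for aws_wafregional_web_acl.

    Returns (status, regional_id): status is "ok", "global-id" (the ID comes
    from the `aws waf` listing; regional_id is the replacement, or None if the
    name match is not unique) or "unknown".
    """
    regional = _by_id(regional_json)
    if rule_id in regional:
        return ("ok", rule_id)
    global_groups = _by_id(global_json)
    if rule_id not in global_groups:
        return ("unknown", None)
    # Assumption: the same subscription carries the same Name in both listings.
    name = global_groups[rule_id]["Name"]
    matches = [gid for gid, g in regional.items() if g["Name"] == name]
    return ("global-id", matches[0] if len(matches) == 1 else None)


if __name__ == "__main__":
    for candidate in ("global-0000-example", "regional-1111-example", "typo"):
        print(candidate, check_regional_rule_id(candidate, WAF_GLOBAL, WAF_REGIONAL))
```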

bflad commented 6 years ago

Does this documentation update seem reasonable? #6182
