inspec / inspec-aws

InSpec AWS Resource Pack https://www.inspec.io/

AWS_WAF_WEB_ACLS returns an empty array #955

Open fisher-rovco opened 1 year ago

fisher-rovco commented 1 year ago

Describe the problem

Checking for existence of AWS_WAF_WEB_ACLS returns an empty array. The WAF exists and is of regional (vs cloudfront) scope in a non us region.

  ×  Check WAF exists: Check WAF exists
     ×  aws_waf_web_acls web_acl_ids is expected to include "WEB_ACL_ID"
     expected [] to include "WEB_ACL_ID"

and

describe aws_waf_web_acl(web_acl_id: '***') do
  it { should exist }
end

This fails, despite my having retrieved the ID via the CLI: aws wafv2 list-web-acls --scope REGIONAL

Possible Solution

The Ruby get_web_acl call in the SDK asks for the scope; however, there is no way to provide one in InSpec?
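To make the scope problem described above concrete, here is an added Ruby sketch (not inspec-aws code and not the real AWS SDK) of what a scope-aware web ACL lookup has to do. FakeWafv2Client, FAKE_WAF_INVENTORY, WafWebAcls and lookup_web_acl are all constructed for this example; the in-memory client only imitates two contract rules of the WAFv2 API that matter here: scope (REGIONAL or CLOUDFRONT) is a required parameter, and CLOUDFRONT-scoped ACLs are served only from us-east-1, so a regional ACL created in a non-US region is invisible unless both region and scope match.

```ruby
# Added example, not part of inspec-aws: a scope-aware WAFv2 web ACL lookup
# against a constructed in-memory client.

# Constructed inventory keyed by [region, scope]; the IDs are made up.
FAKE_WAF_INVENTORY = {
  ['eu-west-2', 'REGIONAL']   => [{ id: 'abcd-1234', name: 'api-gw-acl' }],
  ['us-east-1', 'CLOUDFRONT'] => [{ id: 'ffff-9999', name: 'cdn-acl' }]
}.freeze

# Stand-in for an SDK client (hypothetical class). It enforces the two rules
# that explain an "empty array" result: scope is mandatory, and CLOUDFRONT
# scope is only answered from us-east-1.
class FakeWafv2Client
  VALID_SCOPES = %w[REGIONAL CLOUDFRONT].freeze

  def initialize(region:)
    @region = region
  end

  def list_web_acls(scope: nil)
    raise ArgumentError, 'missing required parameter: scope' if scope.nil?
    raise ArgumentError, "invalid scope #{scope.inspect}" unless VALID_SCOPES.include?(scope)
    if scope == 'CLOUDFRONT' && @region != 'us-east-1'
      raise ArgumentError, 'CLOUDFRONT scope must be queried from us-east-1'
    end
    FAKE_WAF_INVENTORY.fetch([@region, scope], [])
  end
end

# Hypothetical resource shape: the scope is an explicit, defaulted parameter
# that is passed straight through to the client instead of being dropped.
class WafWebAcls
  attr_reader :scope

  def initialize(client, scope: 'REGIONAL')
    @client = client
    @scope = scope
  end

  def web_acl_ids
    @client.list_web_acls(scope: @scope).map { |acl| acl[:id] }
  end

  def exists?(web_acl_id)
    web_acl_ids.include?(web_acl_id)
  end
end

# Convenience wrapper: does the ACL exist when queried with this region/scope?
def lookup_web_acl(web_acl_id, region:, scope:)
  WafWebAcls.new(FakeWafv2Client.new(region: region), scope: scope).exists?(web_acl_id)
end

# Diagnostic a practitioner can run before blaming the resource: explains why
# a lookup came back empty instead of silently returning [].
def explain_lookup(web_acl_id, region:, scope:)
  found = lookup_web_acl(web_acl_id, region: region, scope: scope)
  return "#{web_acl_id}: found in #{region}/#{scope}" if found

  "#{web_acl_id}: not found in #{region}/#{scope} (check that the ACL's scope and region match)"
rescue ArgumentError => e
  "#{web_acl_id}: query rejected: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  puts explain_lookup('abcd-1234', region: 'eu-west-2', scope: 'REGIONAL')
  puts explain_lookup('abcd-1234', region: 'us-east-1', scope: 'REGIONAL')
  puts explain_lookup('ffff-9999', region: 'eu-west-2', scope: 'CLOUDFRONT')
end
```

The point of the wrapper is that a resource which never forwards scope cannot succeed for a regional ACL outside us-east-1: the same ID is found only when the client is built for the ACL's region and asked with its scope, and the diagnostic surfaces the rejected-parameter case instead of collapsing it to an empty list.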

robertdeheer commented 1 year ago

I'm seeing this issue as well. It looks like it doesn't support the WAF V2 API yet. V2 is mentioned here:

https://docs.chef.io/inspec/resources/aws_waf_web_acl/

I have prepared the code changes here, but there are still additional updates to the PR that are required before merging, like unit tests, linting, docs... I will work on these changes, but if anyone would like to complete them, feel free. It will take me some time to set up a dev environment.

https://github.com/inspec/inspec-aws/pull/974/files