search

mikesouza / serverless-associate-waf

Associate a regional WAF with the AWS API Gateway used by your Serverless stack.
MIT License
27 stars 17 forks source link

Use existing WAF with plugin #30

Open iwt-kschoenrock opened 3 years ago

iwt-kschoenrock commented 3 years ago

Hello! I'm trying to use a WAF created with Terraform with the serverless-associate-waf plugin, but I get the following error when trying to deploy:

Error: The CloudFormation template is invalid: Unresolved resource dependencies [ApiGatewayRestApi] in the Outputs block of the template

The offending snippet seems to be this, at the end of cloudformation-template-update-stack.json:

...
"ApiGatewayRestApiWaf": {
  "Description": "Rest API Id",
  "Value": {
    "Ref": "ApiGatewayRestApi"
  }
}

I've configured the plugin as follows (only the changes introduced):

serverless.yaml:

custom:
  stages:
    stageName:
      waf_name: stageName-acl
  associateWaf:
    name: ${self:custom.stages.${self:provider.stage}.waf_name}
    version: Regional

plugins:
  - serverless-associate-waf

The WAF (classic) is named stageName-acl, as verified on the AWS Console, but I see no mention of it in the Cloudformation files. Am I doing something wrong?

Versions:

$ sls --version
Framework Core: 2.4.0 (local)
Plugin: 4.0.4
SDK: 2.3.2
Components: 3.2.1

serverless-associate-waf: 1.2.1

mikesouza commented 3 years ago

@iwt-kschoenrock Thank you for providing plenty of details, especially the version information. The error you're getting is strange.

If you comment out the inclusion of the serverless-associate-waf plugin, does Serverless deploy successfully?

If it does work successfully without using the plugin, I will try to investigate and reproduce your issue today. This issue may have to do with Serverless Framework v2.0 being released last month. I have not tested the plugin's compatibility yet.

iwt-kschoenrock commented 3 years ago

Thanks for the fast response. Yes, commenting the plugin out allows Serverless to deploy successfully.

mikesouza commented 3 years ago

@iwt-kschoenrock I am unable to reproduce this. Does not appear to be related to Serverless version. If you replace the interpolation (${self:custom.stages.${self:provider.stage}.waf_name}) with stageName-acl, does it work?

iwt-kschoenrock commented 3 years ago

No, the same error happens...

SachinKSingh28 commented 3 years ago

We see the same error when we pass the api-gateway id as an input to serverless. May be it happens because plugin is expecting autogenerated api gateway id.

I made an attempt to fix the issue in this PR when you have an api gateway external to serverless

VincentHuysmans1 commented 3 years ago

Any updates on this ? Currently running into the same problem. I try to attach a webacl generated with terraform and get the same error.

Error: The CloudFormation template is invalid: Unresolved resource dependencies [ApiGatewayRestApi] in the Outputs block of the template

  Your Environment Information ---------------------------
     Operating System:          win32
     Node Version:              15.5.1
     Framework Version:         2.22.0
     Plugin Version:            4.4.2
     SDK Version:               2.3.2
     Components Version:        3.6.0
sakthi-ganesh commented 3 years ago

@MikeSouza

Can you please tell me when are you planning to release this fix as a new version?

willpeixoto commented 1 year ago

Hello @MikeSouza, Any updates on that one? I'm having the same issue here. Any workaround?