Closed loffelmacher closed 3 years ago
Thanks for giving it a try. I am not actively working on this as I only built it as a proof of concept. I have seen you have closed this issue though and wondering if you found the root cause (for the benefits of others that may see the same problem). Thank you!
Sure, and thank you for putting this PoC together, it's really helpful!
I think what was ultimately the issue was a missing IAM permission for a new AWS API wafv2. So I made a local copy of the albiampolicy.json and added this block to it:
{
"Effect": "Allow",
"Action": [
"wafv2:GetWebACLForResource"
],
"Resource": "*"
}
I believe that I spotted the problem by adding the --aws-api-debug
into my ALB Controller's YAML then tailing the logs on the pod for the ALB Controller.
This is something that I'm running up against, not sure why this is happening, but it doesn't seem to happen every time, but most of the time, yes.