Closed MitchellGerdisch closed 4 months ago
The issue here is that the import command is wrong. You need pulumi import aws:wafv2/webAcl:WebAcl acl {ID}/{NAME}/{SCOPE}
.
Unfortunately I don't see how one would reasonably find that out.
Our docs don't have an import section: https://www.pulumi.com/registry/packages/aws/api-docs/wafv2/webacl/#forwardedipconfig_yaml
I checked it in the upstream docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#import
I suspect that the unusual scheme here is probably what tripped up conversion.
here is the program I used:
name: aws_webacl
runtime: yaml
resources:
prov:
type: pulumi:providers:aws
defaultProvider: true
options:
version: 6.27.0
exampleWebAcl:
type: aws:wafv2:WebAcl
properties:
scope: "REGIONAL" # either CLOUDFRONT or REGIONAL
defaultAction:
block: {}
rules:
# List of rules to include in the ACL
- name: "rateLimitRule"
priority: 1
statement:
rateBasedStatement:
limit: 2000
aggregateKeyType: "FORWARDED_IP"
forwardedIpConfig:
fallbackBehavior: NO_MATCH
headerName: "X-Forwarded-For"
action:
count: {}
visibilityConfig:
sampledRequestsEnabled: true
cloudwatchMetricsEnabled: true
metricName: "rateLimitRule"
visibilityConfig:
sampledRequestsEnabled: true
cloudwatchMetricsEnabled: true
metricName: "exampleWebAcl"
outputs:
exampleWebAclId: "${exampleWebAcl.id}"
exampleWebAclName: "${exampleWebAcl.name}"
exampleWebAclScope: "${exampleWebAcl.scope}"
And then ran pulumi import aws:wafv2/webAcl:WebAcl main 38850b8f-2cbc-441e-9cb4-7d529b1b49d6/exampleWebAcl-8121fe8/REGIONAL
which generated:
resources:
main:
type: aws:wafv2:WebAcl
properties:
defaultAction: {}
name: exampleWebAcl-8121fe8
rules:
- name: rateLimitRule
priority: 1
statement:
rateBasedStatement:
aggregateKeyType: FORWARDED_IP
forwardedIpConfig:
fallbackBehavior: NO_MATCH
headerName: X-Forwarded-For
limit: 2000
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: rateLimitRule
sampledRequestsEnabled: true
scope: REGIONAL
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: exampleWebAcl
sampledRequestsEnabled: true
options:
protect: true
That looks roughly correct. I'm going to close this issue and raise an issue in the bridge for the docs.
Raised https://github.com/pulumi/pulumi-terraform-bridge/issues/1769 for the docs issue.
What happened?
Tried to import a WAF WebACL and get error:
error: Preview failed: resource 'xxxxxx-yyyyy-zzzzz-aaaa-bbbbbbbb' does not exist
Example
xxxxxx-yyyyy-zzzzz-aaaa-bbbbbbbb
pulumi import aws:wafv2/webAcl:WebAcl acl xxxxxx-yyyyy-zzzzz-aaaa-bbbbbbbb
xxxxxx-yyyyy-zzzzz-aaaa-bbbbbbbb
does not existOutput of
pulumi about
CLI
Version 3.108.0 Go Version go1.22.0 Go Compiler gc
Plugins NAME VERSION python unknown random 4.16.0
Host
OS darwin Version 13.6.3 Arch x86_64
Current Stack: python-import-test/dev
Found no resources associated with dev
Found no pending operations associated with dev
Backend
Name pulumi.com
Dependencies: NAME VERSION pip 24.0 pulumi_random 4.16.0 setuptools 69.1.1 wheel 0.42.0
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).