trussworks / terraform-aws-wafv2

Creates a WAF using AWS WAFv2 and AWS Managed Rule Sets
https://registry.terraform.io/modules/trussworks/wafv2
Apache License 2.0

AWS Error: "ManagedRules with name AWSManagedRulesAmazonIpReputationList by vendor AWS does not exist." #23

Closed chrisgilmerproj closed 3 years ago

chrisgilmerproj commented 3 years ago

When using this module's defaults this error appears during terraform apply:

WAFNonexistentItemException: ManagedRules with name AWSManagedRulesAmazonIpReputationList by vendor AWS does not exist. Please check your inputs

It's odd because the rule is clearly listed here:

My code is:

module "alb_wafv2" {
  source  = "trussworks/wafv2/aws"
  version = "2.0"

  name  = "alb-web-acl"
  scope = "REGIONAL"

  alb_arn       = module.app_alb.alb_arn
  associate_alb = true
}

Is this a known issue or something that has happened recently? I don't seem to have an answer for this. Here is the updated code I'm using:

module "alb_wafv2" {
  source  = "trussworks/wafv2/aws"
  version = "2.0"

  name  = "alb-web-acl"
  scope = "REGIONAL"

  alb_arn       = module.app_alb.alb_arn
  associate_alb = true
  managed_rules = [
    {
      "excluded_rules" : [],
      "name" : "AWSManagedRulesCommonRuleSet",
      "override_action" : "none",
      "priority" : 10
    },
    {
      "excluded_rules" : [],
      "name" : "AWSManagedRulesKnownBadInputsRuleSet",
      "override_action" : "none",
      "priority" : 30
    },
    {
      "excluded_rules" : [],
      "name" : "AWSManagedRulesSQLiRuleSet",
      "override_action" : "none",
      "priority" : 40
    },
    {
      "excluded_rules" : [],
      "name" : "AWSManagedRulesLinuxRuleSet",
      "override_action" : "none",
      "priority" : 50
    },
    {
      "excluded_rules" : [],
      "name" : "AWSManagedRulesUnixRuleSet",
      "override_action" : "none",
      "priority" : 60
    }
  ]
}

jsclarridge commented 3 years ago

@chrisgilmerproj That's odd. Which version of the AWS provider are you using? The most recent terratests with AWS provider 3.16 were successful.

So far I haven't been able to reproduce the error. Are you still seeing the same issue?

chrisgilmerproj commented 3 years ago

Here's my provider:

provider "aws" {
  region  = "us-gov-west-1"
  version = "~> 3.18.0"
}

Here's my terraform version:

$ terraform -version
Terraform v0.13.5

This makes me wonder if it's an issue with GovCloud and not commercial.

dynamike commented 3 years ago

Yeah, that managed ruleset doesn't exist in GovCloud for some reason, based on my brief poking at a GovCloud AWS console.
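
A pre-flight check for this failure mode, as an added example that is not part of the module or of any comment in this thread: it compares the managed rule groups a `managed_rules` list asks for against the groups the target region's WAFv2 API actually reports, and prints the HCL for the groups that exist, so a partition gap like the GovCloud one here surfaces before `terraform apply` fails with WAFNonexistentItemException. `DESIRED_MANAGED_RULES` is the updated list from the issue with the IP reputation group added back at priority 20 (an assumed priority); `SAMPLE_AVAILABLE_RESPONSE` is constructed data shaped like the `ListAvailableManagedRuleGroups` response with that group deliberately left out. `fetch_available_response` is the live variant via boto3 and needs credentials for the target partition; everything else runs offline.

```python
"""Pre-flight check for a terraform-aws-wafv2 managed_rules list.

Added example; it is not part of the trussworks/terraform-aws-wafv2 module.
It compares the rule groups a module caller wants against the rule groups
the target region's WAFv2 API reports, so a group that is missing in the
partition (the GovCloud case in this issue) is caught before
`terraform apply` fails with WAFNonexistentItemException.
"""

# The thread's explicit list plus the IP reputation group; priority 20 for
# that group is an assumption, not a value taken from the module.
DESIRED_MANAGED_RULES = [
    {"name": "AWSManagedRulesCommonRuleSet", "priority": 10},
    {"name": "AWSManagedRulesAmazonIpReputationList", "priority": 20},
    {"name": "AWSManagedRulesKnownBadInputsRuleSet", "priority": 30},
    {"name": "AWSManagedRulesSQLiRuleSet", "priority": 40},
    {"name": "AWSManagedRulesLinuxRuleSet", "priority": 50},
    {"name": "AWSManagedRulesUnixRuleSet", "priority": 60},
]

# Constructed sample shaped like the ListAvailableManagedRuleGroups
# response; the IP reputation list is deliberately absent to model the
# GovCloud behaviour reported in this issue. Descriptions are placeholders.
SAMPLE_AVAILABLE_RESPONSE = {
    "ManagedRuleGroups": [
        {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet", "Description": "sample"},
        {"VendorName": "AWS", "Name": "AWSManagedRulesKnownBadInputsRuleSet", "Description": "sample"},
        {"VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet", "Description": "sample"},
        {"VendorName": "AWS", "Name": "AWSManagedRulesLinuxRuleSet", "Description": "sample"},
        {"VendorName": "AWS", "Name": "AWSManagedRulesUnixRuleSet", "Description": "sample"},
    ]
}


def fetch_available_response(region, scope="REGIONAL"):
    """Live lookup via boto3 (needs credentials for the target partition).

    Not called by the offline demo below; the client method wraps the
    wafv2 ListAvailableManagedRuleGroups API.
    """
    import boto3  # imported lazily so the rest of the file runs offline

    client = boto3.client("wafv2", region_name=region)
    return client.list_available_managed_rule_groups(Scope=scope)


def available_rule_groups(response, vendor="AWS"):
    """Names of the managed rule groups a vendor offers in this region."""
    return {
        group["Name"]
        for group in response.get("ManagedRuleGroups", [])
        if group.get("VendorName") == vendor
    }


def split_managed_rules(desired, available_names):
    """Return (usable rules, missing rule names), ordered by priority."""
    ordered = sorted(desired, key=lambda rule: rule["priority"])
    usable = [rule for rule in ordered if rule["name"] in available_names]
    missing = [rule["name"] for rule in ordered if rule["name"] not in available_names]
    return usable, missing


def render_managed_rules_hcl(rules):
    """Render the list in the shape the module's managed_rules variable takes."""
    entries = []
    for rule in rules:
        entries.append(
            "    {\n"
            '      "excluded_rules" : [],\n'
            f'      "name" : "{rule["name"]}",\n'
            '      "override_action" : "none",\n'
            f'      "priority" : {rule["priority"]}\n'
            "    }"
        )
    return "  managed_rules = [\n" + ",\n".join(entries) + "\n  ]"


def preflight(desired, response):
    """Warn about groups the region lacks; return HCL for the ones it has."""
    usable, missing = split_managed_rules(desired, available_rule_groups(response))
    for name in missing:
        print(f"WARNING: {name} is not offered in this region; drop it from managed_rules")
    return render_managed_rules_hcl(usable)


if __name__ == "__main__":
    # Offline demo on the constructed response. For a real check, replace the
    # second argument with fetch_available_response("us-gov-west-1").
    print(preflight(DESIRED_MANAGED_RULES, SAMPLE_AVAILABLE_RESPONSE))
```

Against the constructed response the script warns about AWSManagedRulesAmazonIpReputationList and emits the five-entry `managed_rules` list that matches the updated module call in this issue; run it with the live response for the GovCloud region to confirm the same gap before relying on the module defaults there.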

chrisgilmerproj commented 3 years ago

Good to know! Might be worth updating the docs to let folks know what to do, otherwise I think we're good to go.

chrisgilmerproj commented 3 years ago

Oh, thanks for the quick response folks!

dynamike commented 3 years ago

I'll pop a PR up shortly to add a note, let us know if you run into other issues with the module.