# Reproduction config from the issue: a regional WAFv2 web ACL with one
# rate-based rule. The module block's closing brace is not part of the paste.
module "waf-regional" {
source = "umotif-public/waf-webaclv2/aws"
# The module is instantiated only when var.waf_regional_enable is true.
count = var.waf_regional_enable ? 1 : 0
# NOTE(review): the comment says 4.5.0 but the value is 4.6.1, presumably
# set to reproduce the failure - confirm which version is actually deployed.
version = "4.6.1" # Pinned to 4.5.0 due to the bug with rate-limit in 4.6.x
description = "${local.env_name_and_namespace} Default Web Application Firewall for ALB"
name_prefix = "${local.env_name_and_namespace}-Regional-WAFv2"
scope = "REGIONAL"
# This call does not associate the web ACL with an ALB.
# NOTE(review): a web ACL filters nothing until it is associated with a
# resource - confirm the association is made elsewhere in the configuration.
create_alb_association = false
# Requests that match no rule are allowed, so the rule below is the only
# blocking control in this snippet.
allow_default_action = true # set to allow if not specified
rules = [
{
name = "Rate-Limit"
priority = 3
# Only limit and aggregate_key_type are set here; there is no
# scope_down_statement key, which is the key the module expression quoted in
# the error output indexes.
# NOTE(review): setting scope_down_statement = null explicitly may avoid the
# failing index - untested, verify against the module before relying on it.
rate_based_statement = {
# Request threshold per aggregation key; AWS WAF counts over its evaluation
# window (5 minutes by default).
limit = 500
# Counts per source IP of the connection.
# NOTE(review): behind a CDN or proxy all clients share the proxy address;
# AWS WAF has FORWARDED_IP for that case - check this module version supports it.
aggregate_key_type = "IP"
}
visibility_config = {
cloudwatch_metrics_enabled = true
metric_name = "RateLimit"
sampled_requests_enabled = true
}
# Requests over the limit are blocked rather than only counted.
action = "block"
}
]
│ Error: Invalid index
│
│ on .terraform/modules/waf-regional/main.tf line 2533, in resource "aws_wafv2_web_acl" "main":
│ 2533: for_each = contains(keys(rate_based_statement.value), "scope_down_statement") && rate_based_statement.value["scope_down_statement"] != null ? [lookup(rate_based_statement.value, "scope_down_statement", {})] : []
│ ├────────────────
│ │ rate_based_statement.value is object with 2 attributes
│
│ The given key does not identify an element in this collection value.
╵
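The error points at the second operand, `&& rate_based_statement.value["scope_down_statement"]`: the rule above sets only `limit` and `aggregate_key_type`, so the index fails on the missing key; it appears to be evaluated even though the `contains(...)` check to its left is false.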
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
The example above is enough to reproduce.
What is the expected behavior?
Terraform plan should pass.
Software versions?
Terraform v1.5.0
on darwin_arm64
What is the current behavior?
Error points here -> && rate_based_statement.value["scope_down_statement"]
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem. The example above is enough to reproduce.
What is the expected behavior? Terraform plan should pass.
Software versions? Terraform v1.5.0 on darwin_arm64