amazon-web-services - 为基于速率的规则创建 CfnWebACL 失败（AWS CDK WAF 区域）

问题描述

我正在尝试使用 AWS CDK（@aws-cdk/aws-wafregionalv1.4.0）设置基于速率的规则。

这是我非常简单的 JavaScript 设置：

const cdk = require('@aws-cdk/core');
const waf = require('@aws-cdk/aws-wafregional');


class TstStack extends cdk.Stack {
    constructor(scope, id, props) {
        super(scope, id, props);

        const rule = new waf.CfnRateBasedRule(this, 'rule', {
            metricName: `rateRule`,
            name: 'rate-rule',
            rateKey: 'IP',
            rateLimit: 2010
        });

        const acl = new waf.CfnWebACL(this, 'acl', {
            defaultAction: { type: 'ALLOW' },
            metricName: 'rateAcl',
            name: 'rate-acl',
            rules: [{
                action: { type: 'BLOCK' },
                priority: 1,
                ruleId: rule.ref
            }]
        });
    }
}

module.exports = { TstStack }

创建规则是没有问题的。但是在 Web ACL 上创建堆栈失败。错误信息是：

The referenced item does not exist. (Service: AWSWAFRegional; Status Code: 400; Error Code: WAFNonexistentItemException

我在这里缺少什么，为什么无法创建 CfnWebACL 对象？

作为参考，完整的输出：

3/4 | 9:49:31 PM | CREATE_FAILED        | AWS::WAFRegional::WebACL        | acl The referenced item does not exist. (Service: AWSWAFRegional; Status Code: 400; Error Code: WAFNonexistentItemException; Request ID: e4d897ef-c138-11e9-bf23-fb4702c5a89a)
    new TstStack (/app/infrastructure/apps/tst/lib/tst-stack.js:16:21)
    \_ Object.<anonymous> (/app/infrastructure/apps/tst/bin/tst.js:9:1)
    \_ Module._compile (internal/modules/cjs/loader.js:778:30)
    \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    \_ Module.load (internal/modules/cjs/loader.js:653:32)
    \_ tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    \_ Function.Module._load (internal/modules/cjs/loader.js:585:3)
    \_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
    \_ startup (internal/bootstrap/node.js:283:19)
    \_ bootstrapNodeJSCore (internal/bootstrap/node.js:622:3)

标签： amazon-web-servicesaws-cdkamazon-waf