Error creating AWS WAFv2 Web ACL managed rule with Terraform

Problem description

I want to create a CloudFront-scoped AWS WAFv2 web ACL. I am using AWS managed rules. For some rules in the managed rule group I have a scope-down statement. The JSON I get from AWS is as follows:

{
  "Name": "AWS-AWSManagedRulesAdminProtectionRuleSet",
  "Priority": 0,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesAdminProtectionRuleSet",
      "ScopeDownStatement": {
        "ByteMatchStatement": {
          "SearchString": "abc",
          "FieldToMatch": {
            "UriPath": {}
          },
          "TextTransformations": [
            {
              "Priority": 0,
              "Type": "NONE"
            }
          ],
          "PositionalConstraint": "CONTAINS_WORD"
        }
      }
    }
  },
  "OverrideAction": {
    "Count": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AWS-AWSManagedRulesAdminProtectionRuleSet"
  }
}

The AWS documentation here says that a scope-down statement is allowed inside a managed rule group statement. However, when I read the Terraform documentation here, we don't have any option for a scope-down statement. When I try to create the rule as below, it passes terraform validate, but when I apply it I get an AWS error saying that I added two statements where one is required. This is very confusing. Is there a way I can do this, and if so, how? Any help would be greatly appreciated.

rule {
    name     = "AWS-AWSManagedRulesAdminProtectionRuleSet"
    priority = 0
    override_action {
        count {}
    }
    statement {
        managed_rule_group_statement {
            name        = "AWSManagedRulesAdminProtectionRuleSet"
            vendor_name = "AWS"
        }
        # Second statement placed beside managed_rule_group_statement inside the
        # same statement block; AWS rejects this because a rule takes exactly one.
        byte_match_statement {
            field_to_match {
                uri_path {}
            }
            search_string = "abc"
            text_transformation {
                priority = 0
                type     = "NONE"
            }
            positional_constraint = "CONTAINS_WORD"
        }
    }
    visibility_config {
        sampled_requests_enabled   = true
        metric_name                = "AWS-AWSManagedRulesAdminProtectionRuleSet"
        cloudwatch_metrics_enabled = true
    }
}

Tags: amazon-web-services, terraform, amazon-waf

Solution

I managed to get this to work by upgrading the aws provider version to 3.52.0. I added the following:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.52.0"
    }
  }
}

The rule now looks as follows:

rule                                {
    name                            = "AWS-AWSManagedRulesAdminProtectionRuleSet"
    priority                        = 0
    override_action                 {
        count                       {}
    }
    statement                       {
        managed_rule_group_statement {
            name                    = "AWSManagedRulesAdminProtectionRuleSet"
            vendor_name             = "AWS"
            scope_down_statement    {
                byte_match_statement {
                    field_to_match {
                        uri_path   {}
                    }
                    search_string  = "abc"
                    text_transformation {
                        priority   = 0
                        type       = "NONE"
                    }
                    positional_constraint = "CONTAINS_WORD"
                }
            }
        }
    }
    visibility_config               {
        sampled_requests_enabled    = true
        metric_name                 = "AWS-AWSManagedRulesAdminProtectionRuleSet"
        cloudwatch_metrics_enabled  = true
    }
}
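The answer's fix is a question of nesting: in the Terraform resource, `scope_down_statement` is a child block of `managed_rule_group_statement`, mirroring the `ScopeDownStatement` key inside `ManagedRuleGroupStatement` in the JSON the console exports. The following added example (my own code, not the poster's) converts such an exported rule JSON into the equivalent `rule { ... }` block so the nesting is derived mechanically rather than retyped. It assumes the CamelCase-to-snake_case mapping plus two hand-written exceptions (`CloudWatchMetricsEnabled` and the `TextTransformations` list, which Terraform writes as repeated `text_transformation` blocks) and covers only the keys present in this rule.

```python
import json
import re

# Constructed sample: the rule JSON exported from the AWS WAF console, as in the question.
RULE_JSON = """{
  "Name": "AWS-AWSManagedRulesAdminProtectionRuleSet",
  "Priority": 0,
  "Statement": {"ManagedRuleGroupStatement": {
    "VendorName": "AWS", "Name": "AWSManagedRulesAdminProtectionRuleSet",
    "ScopeDownStatement": {"ByteMatchStatement": {
      "SearchString": "abc", "FieldToMatch": {"UriPath": {}},
      "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
      "PositionalConstraint": "CONTAINS_WORD"}}}},
  "OverrideAction": {"Count": {}},
  "VisibilityConfig": {"SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true,
    "MetricName": "AWS-AWSManagedRulesAdminProtectionRuleSet"}
}"""

# Assumed mapping: keys whose Terraform name is not the plain CamelCase -> snake_case form.
KEY_OVERRIDES = {"CloudWatchMetricsEnabled": "cloudwatch_metrics_enabled"}
# JSON lists that Terraform expresses as repeated singular blocks.
LIST_BLOCKS = {"TextTransformations": "text_transformation"}


def hcl_name(key):
    """Map a WAFv2 API key (CamelCase) to its aws_wafv2_web_acl argument name."""
    if key in KEY_OVERRIDES:
        return KEY_OVERRIDES[key]
    return re.sub(r"(?<!^)(?=[A-Z])", "_", key).lower()


def render(obj, depth):
    """Render one JSON object as HCL lines; nested dicts become nested blocks,
    so ScopeDownStatement lands inside managed_rule_group_statement."""
    pad = "  " * depth
    lines = []
    for key, value in obj.items():
        if key in LIST_BLOCKS:
            for item in value:
                lines += [f"{pad}{LIST_BLOCKS[key]} {{", *render(item, depth + 1), f"{pad}}}"]
        elif isinstance(value, dict):
            if value:
                lines += [f"{pad}{hcl_name(key)} {{", *render(value, depth + 1), f"{pad}}}"]
            else:
                lines.append(f"{pad}{hcl_name(key)} {{}}")  # empty block, e.g. uri_path {}
        elif isinstance(value, bool):
            lines.append(f"{pad}{hcl_name(key)} = {str(value).lower()}")
        else:
            lines.append(f"{pad}{hcl_name(key)} = {json.dumps(value)}")
    return lines


def rule_to_hcl(rule_json):
    """Convert an exported WAF rule JSON document to a Terraform rule { ... } block."""
    return "\n".join(["rule {", *render(json.loads(rule_json), 1), "}"])
```

Paste the output into the `aws_wafv2_web_acl` resource and run `terraform validate` with provider 3.52.0 or newer, since older providers do not know the `scope_down_statement` block.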
