Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(network-firewall): unable to deploy the `CfnFirewallPolicy` construct

See original GitHub issue

I am unable to deploy the CfnFirewallPolicy construct fixed in the latest update. in typescript construct is valid, but in cloudformation its giving below error:

Properties validation failed for resource policy with message:
 #/FirewallPolicy/StatelessDefaultActions: expected type: JSONArray, found: JSONObject #/FirewallPolicy/StatelessFragmentDefaultActions: expected type: JSONArray, found: JSONObject

same issue was reported (network-firewall): unable to deploy the CfnFirewallPolicy construct #11974 and fixed in 1.83 CDK version but still am getting this error.

Using CDK 1.83

CDK Sample : Template

   const firewallpolicy = new CfnFirewallPolicy(this, 'policy', {
     firewallPolicyName: "cdkfirewallpolicy", 
     firewallPolicy: {
       statelessDefaultActions: {
         statelessActions: ['aws:pass'],
       },
       statelessFragmentDefaultActions: {
         statelessActions: ['aws:drop'],
      },
    },
   });

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:11 (7 by maintainers)

github_iconTop GitHub Comments

1reaction
swsunnycommented, Jan 21, 2021

@skinny85 Thanks!

I already updated and working on module creation.

Policy module done and now working on rule group.

1reaction
grusycommented, Jan 20, 2021

Looking good with the new cfnspec

The example above needs to be modified but then it generates deployable CloudFormation

   const firewallpolicy = new CfnFirewallPolicy(this, 'policy', {
     firewallPolicyName: "cdkfirewallpolicy", 
     firewallPolicy: {
       statelessDefaultActions: ['aws:pass'],
       statelessFragmentDefaultActions: ['aws:drop'],
     },
   });

I’ve tested the issue I had with ‘TargetTypes’ and that’s also working now.

Read more comments on GitHub >

github_iconTop Results From Across the Web

class CfnFirewallPolicy (construct) · AWS CDK
A CloudFormation AWS::NetworkFirewall::FirewallPolicy . Use the FirewallPolicy to define the stateless and stateful network traffic filtering behavior for ...
Read more >
AWS re:Inforce 2022 - Deploying AWS Network Firewall at scale
When the Log4j vulnerability became known in December 2021, athenahealth made the decision to increase their cloud security posture by ...
Read more >
awsnetworkfirewall - Go Packages
A CloudFormation `AWS::NetworkFirewall::FirewallPolicy`. Use the `FirewallPolicy` to define the stateless and stateful network traffic filtering behavior for ...
Read more >
NetworkFirewall — Boto3 Docs 1.26.35 documentation - AWS
You can't change this setting after you create the firewall. SubnetMappings (list) --. [REQUIRED]. The public subnets to use for your Network Firewall...
Read more >
CfnFirewallPolicy.CustomActionProperty (software.amazon.awscdk ...
You define and name the custom actions that you want to be able to use, ... you should change. import software.amazon.awscdk.services.networkfirewall.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

(cli): A way to get profile name in stack when it's specified in the command-line option

Next page

(assets): allow user to pass platform option to Docker builds