wafv2: CfnWebACL Rules property has incorrect CloudFormation schema
See original GitHub issuelink to reference doc page: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-wafv2.CfnWebACL.html
I tried instantiating a simple WAF ACL with the following code:
const acl = new waf.CfnWebACL(this, 'ACL', {
defaultAction: {
allow: true,
},
scope: 'CLOUDFRONT',
visibilityConfig: {
cloudWatchMetricsEnabled: true,
metricName: 'waf', // TODO add a stage suffix
sampledRequestsEnabled: false,
},
rules: {
rules: [
{ name: 'AWS-AWSManagedRulesAmazonIpReputationList' },
{ name: 'AWS-AWSManagedRulesCommonRuleSet' },
{ name: 'AWS-AWSManagedRulesKnownBadInputsRuleSet' },
{ name: 'AWS-AWSManagedRulesSQLiRuleSet' },
{ name: 'AWS-AWSManagedRulesLinuxRuleSet' },
],
},
});
The code compiles but cdk deploy
fails with an ACL Internal Failure
that doesn’t provide any helpful context.
Can you update the document with a working starter example?
This is a 📕 documentation issue
Issue Analytics
- State:
- Created 4 years ago
- Comments:32 (9 by maintainers)
Top Results From Across the Web
interface JsonBodyProperty · AWS CDK
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF...
Read more >Using Custom Resources to Extend your CloudFormation
Provisioning non-AWS resources with CloudFormation. The second reason to use custom resources is to add infrastructure-as-code properties to ...
Read more >Different signatures for **wafv2.CfnWebACL** interface in aws ...
Because the documentation link in the question refers to aws-waf , and you're using aws-wafv2 , which is different.
Read more >10 Solutions to Common CloudFormation Errors - Medium
In multiple instances, I found that I created a resource via AWS Console and didn't even realize a property was required until creating...
Read more >AWS CloudFormation Properties Cheat Sheet
AWS CloudFormation Resource Type properties Cheat Sheet ... Events, Name, Overrides, Properties, SchemaVersion, SourceId, Tags, Variants.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I’ve discovered you get the error “Your statement has multiple values set for a field that requires exactly one value., field: RULE, parameter: Rule” is returned if you are missing the
OverrideAction
on theManagedRuleGroupStatement
. The field is needed even if you don’t want to override it, you specify “none” as per the docs.Clearly a CF issue because the cdk types can’t enforce this the way they are, but this GH Issue is the main result when searching for that error message so hopefully this helps someone.
Given this page is the first (and only, really) coming up in Google for the error
I would add to @tmo-trustpilot 's comment above:
overrideAction
andaction
Hope this helps someone.