Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Invalid ARN when creating aws.wafv2.WebAclLoggingConfiguration
See original GitHub issueWhen trying to create aws.wafv2.WebAclLoggingConfiguration it fails with The ARN isn’t valid. A valid ARN begins with arn: and includes other information separated by colons or slashes. Thing is that the arn format its ok, spoke with AWS support and they said that all the setup was made properly for aws and api calls so it seems to be a pulumi issue.
Here is the example code from @pulumi/aws module:
const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],
resourceArn: aws_wafv2_web_acl.example.arn,
redactedFields: [{
singleHeader: {
name: "user-agent",
},
}],
});
And this is my code:
const waflogging = new aws.wafv2.WebAclLoggingConfiguration("model-builder-waflogging", {
logDestinationConfigs: [kinesisStream.arn],
resourceArn: wafwebacl.arn // I tried to manually add as string but same issue.
}, { dependsOn: kinesisStream });
When I run Pulumi, I have the following error:
* error putting WAFv2 Logging Configuration for resource (arn:aws:wafv2:us-east-1:796031763495:global/webacl/modelbuilderCF/80986c63-50d8-4775-b82e-91339616cc81): WAFInvalidParameterException: Error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: arn:aws:wafv2:us-east-1:796031763495:global/webacl/modelbuilderCF/80986c63-50d8-4775-b82e-91339616cc81
{
RespMetadata: {
StatusCode: 400,
RequestID: "79d08de5-b145-4eb5-9f35-c67ef076f3ac"
},
Field: "RESOURCE_ARN",
Message_: "Error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: arn:aws:wafv2:us-east-1:796031763495:global/webacl/modelbuilderCF/80986c63-50d8-4775-b82e-91339616cc81",
Parameter: "arn:aws:wafv2:us-east-1:796031763495:global/webacl/modelbuilderCF/80986c63-50d8-4775-b82e-91339616cc81",
Reason: "The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes."
}
For now I had to manually enable logging to my webacl v2 but It will be nice to have it all done from Pulumi. Please advise if its something I do wrong or is there any other constructor that I can use to configure logging. I tried to add the ARN as string but same outcome.
Thanks
Issue Analytics
- State:
- Created 3 years ago
- Comments:19 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
You need to ensure your delivery stream’s name begins with
aws-waf-logs-.This was fixed by doing the following:
Closing issue.