2 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi, @Simon Cox
Your description describes only one Rule object for Rules.
It is unknown how CloudFormation interprets it, but it may have been overwritten by the last block.
I think you should write multiple Rules in the form of an array in Rules as follows.
"Rules": [
{
"Name": "IPSetDeny",
"Priority": 0,
"Statement": {
"IPSetReferenceStatement": {
"ARN": {
"Fn::GetAtt": [
"SampleIPSetDeny",
"Arn"
]
}
}
},
"Action": {
"Block": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "aws-waf-logs-dev-inf"
}
},
{
"Name": "IPSetAllow",
"Priority": 1,
"Statement": {
"IPSetReferenceStatement": {
"ARN": {
"Fn::GetAtt": [
"SampleIPSetAllow",
"Arn"
]
}
}
},
"Action": {
"Allow": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "aws-waf-logs-dev-inf"
}
},
{
"Name": "restrict-country",
"Priority": 2,
"Statement": {
"GeoMatchStatement": {
"CountryCodes": [
"GB"
]
}
},
"Action": {
"Allow": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "aws-waf-logs-dev-inf"
}
}
]
0
Hi @Iwasa thanks for your comment you were quite correct. I have used your example of an array of rules that my code is now working.
répondu il y a 2 ans
Contenus pertinents
- demandé il y a 5 mois
- demandé il y a un an
- demandé il y a 14 jours
- Réponse acceptéedemandé il y a un an
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 5 mois
- AWS OFFICIELA mis à jour il y a 2 ans