Hi, I tried to create a CloudFormation template in YAML for WAF's IPAllow and IPDeny rules and ended up with the following error message; the code used is given below. Kindly help.

0

I tried to resolve it and, unfortunately, couldn't. I tried many possible ways. CODE USED:

---
AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyIPSetdenya:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSeta
      Description: IP Set to deny access to specific IP addresses
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 192.0.2.44/32
  MyIPSetAllow:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSetAllow
      Description: IP Set to deny access to 
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 10.0.0.0/32
  MyIPSetRule:
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: MyIPSetRule
      Description: Rule to use IPSet for denial
      Scope: REGIONAL
      Capacity: 1
      Rules:
        - Action:
            Block: {}
          Name: MyIPSetDenya
          Priority: 0
          Statement:
            IPSetReferenceStatement:
              Arn: MyIPSeta.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf-deny
        - Action:
            Allow: {}
          Name: MyIPSetAllow
          Priority: 1
          Statement:
            IPSetReferenceStatement:
              Arn: MyIPSetAllow.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf-allow
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: waf-metric
        SampledRequestsEnabled: true

ERROR MESSAGE: Resource handler returned message: "Model validation failed (#/Rules: 2 schema violations found) #/Rules/0/Statement/IPSetReferenceStatement/Arn: expected minLength: 20, actual: 12 (#/Rules/0/Statement/IPSetReferenceStatement/Arn) #/Rules/1/Statement/IPSetReferenceStatement/Arn: expected minLength: 20, actual: 16 (#/Rules/1/Statement/IPSetReferenceStatement/Arn)" (RequestToken: c5aa21ef-15c4-9c7d-04cb-f3b52a6e5a4e, HandlerErrorCode: InvalidRequest)

Gowtham
Asked 9 months ago, 334 views
1 answer
0
Accepted answer

Hello.
The CloudFormation template has been modified to work.
The error was caused by a failure in the "Rules" section to obtain the "IPSetReferenceStatement" Arn.
Also, because "Capacity" was set to 1, only one rule could be set.
So we are increasing it to the maximum value of 1500.

AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyIPSetdenya:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSeta
      Description: IP Set to deny access to specific IP addresses
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 192.0.2.44/32
  MyIPSetAllow:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSetAllow
      Description: IP Set to deny access to 
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 10.0.0.0/32
  MyIPSetRule:
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: MyIPSetRule
      Description: Rule to use IPSet for denial
      Scope: REGIONAL
      Capacity: 1500
      Rules:
        - Action:
            Block: {}
          Name: MyIPSetDenya
          Priority: 0
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt MyIPSetdenya.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf-deny
        - Action:
            Allow: {}
          Name: MyIPSetAllow
          Priority: 1
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt MyIPSetAllow.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf-allow
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: waf-metric
        SampledRequestsEnabled: true
Expert
Answered 9 months ago
AWS Expert
Reviewed 9 months ago
  • How did I miss the capacity!!!!??? The code works now!! I have been spending all day with WAF since morning; I still gotta add two more AWS managed rules to the template, which I can do. Thank you Riku, you are the best and you are my saviour!!!
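As an added example (not code from the question or the answer above), the following offline checker reproduces the two defects the thread turned on: an IPSetReferenceStatement Arn given as a plain string instead of a GetAtt, and a RuleGroup Capacity below what its rules need. Templates are handled in CloudFormation's JSON form, so the YAML `!GetAtt X.Arn` is written `{"Fn::GetAtt": ["X", "Arn"]}`; the 1 WCU cost per IP set statement and the helper names are assumptions of this example, and it also flags a GetAtt that names an IPSet's Name rather than its logical id.

```python
IPSET_WCU = 1  # assumption: each IPSetReferenceStatement costs 1 WCU


def check_rule_group(template):
    """Return findings for every AWS::WAFv2::RuleGroup in the template; [] means clean."""
    res = template.get("Resources", {})
    ipsets = {k for k, r in res.items() if r.get("Type") == "AWS::WAFv2::IPSet"}
    findings = []
    for lid, r in res.items():
        if r.get("Type") != "AWS::WAFv2::RuleGroup":
            continue
        props, n_ipset = r.get("Properties", {}), 0
        for i, rule in enumerate(props.get("Rules", [])):
            stmt = rule.get("Statement", {}).get("IPSetReferenceStatement")
            if stmt is None:
                continue
            n_ipset += 1
            arn, path = stmt.get("Arn"), f"{lid}/Rules/{i}/IPSetReferenceStatement/Arn"
            if isinstance(arn, str) and not arn.startswith("arn:"):
                # The bug in the question: "MyIPSeta.Arn" is sent to WAF as a literal string
                findings.append(f"{path}: {arn!r} is a plain string, not an ARN; use !GetAtt <IPSet>.Arn")
            elif isinstance(arn, dict) and "Fn::GetAtt" in arn:
                v = arn["Fn::GetAtt"]  # ["X", "Arn"] in JSON form, "X.Arn" in YAML short form
                target, attr = v if isinstance(v, list) else v.split(".", 1)
                if target not in ipsets or attr != "Arn":  # e.g. Name used instead of logical id
                    findings.append(f"{path}: GetAtt {v} is not the Arn of an IPSet in this template")
        need = IPSET_WCU * n_ipset
        if props.get("Capacity", 0) < need:
            findings.append(f"{lid}: Capacity {props.get('Capacity')} < {need} WCU needed for {n_ipset} IP set rules")
    return findings


# Constructed sample templates mirroring the thread (VisibilityConfig omitted; the checks ignore it)
def _ipset(name, cidr):
    return {"Type": "AWS::WAFv2::IPSet", "Properties": {"Name": name, "Scope": "REGIONAL",
            "IPAddressVersion": "IPV4", "Addresses": [cidr]}}


def _rule(name, prio, action, arn):
    return {"Name": name, "Priority": prio, "Action": {action: {}},
            "Statement": {"IPSetReferenceStatement": {"Arn": arn}}}


def template(capacity, deny_arn, allow_arn):
    return {"Resources": {"MyIPSetdenya": _ipset("MyIPSeta", "192.0.2.44/32"),
                          "MyIPSetAllow": _ipset("MyIPSetAllow", "10.0.0.0/32"),
                          "MyIPSetRule": {"Type": "AWS::WAFv2::RuleGroup", "Properties": {
                              "Capacity": capacity, "Scope": "REGIONAL", "Rules": [
                                  _rule("MyIPSetDenya", 0, "Block", deny_arn),
                                  _rule("MyIPSetAllow", 1, "Allow", allow_arn)]}}}}


BROKEN = template(1, "MyIPSeta.Arn", "MyIPSetAllow.Arn")  # as posted: 3 findings
FIXED = template(1500, {"Fn::GetAtt": ["MyIPSetdenya", "Arn"]},
                 {"Fn::GetAtt": ["MyIPSetAllow", "Arn"]})  # accepted answer: no findings
```

Running `check_rule_group(BROKEN)` reports both string ARNs and the capacity shortfall (1 WCU for 2 rules); the fixed template reports nothing.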
