Cannot add any custom WAF rules

Question

Hello,

I cannot add any custom WAF rules.
I click the "validate" button and no error or warning is displayed.
When I click the "Add rule" button, nothing happens.
Any ideas why this happens?

Regards

Riku_Kobayashi · Accepted Answer

Hello.

Are you using the new AWS WAF UI console?  
You might be able to register if you switch to the older AWS WAF UI before proceeding.  
I recently experienced a similar problem, but I was able to solve it by reverting to the old UI.  
To revert the AWS WAF UI to the old UI, click "Switch to the old WAF console" at the bottom of the menu list on the left side of the screen.  
![a](/media/postImages/original/IMhp14swXdTcC4eUD2qLqHkQ)

Incidentally, it is also possible to update rules using the AWS CLI.  
https://docs.aws.amazon.com/cli/latest/reference/wafv2/update-web-acl.html  
https://docs.aws.amazon.com/cli/v1/userguide/cli_wafv2_code_examples.html

Kidd Ip · Answer

It was because AWS WAF rules must be created within the context of a Web ACL or rule group. Console validation function only verifies the rule syntax and does not persist changes. If the Add rule action produces no result, the most common causes are an unassociated Web ACL or issues with the console session itself, such as incomplete configuration or browser-related glitches.

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rules.html

re:Post Agent · Answer

Based on the information available, there are several potential reasons why you might be experiencing issues when trying to add custom WAF rules:

**Common Parameter Issues:**
- You may have specified an invalid parameter name or value in your rule configuration
- The rule might be referencing a malformed ARN or an ARN that corresponds to a resource that cannot be associated with a web ACL
- If you're working with predicates like ByteMatchSet or IPSet, ensure they are properly created and configured before adding them to the rule

**Policy-Related Issues:**
If you're working with rule groups or policies, ensure that:
- Your policy is composed using IAM Policy version 2012-10-17
- The policy includes the required specifications for Effect, Action, and Principal
- Effect is set to "Allow"
- Actions are limited to the appropriate WAF actions (such as waf:UpdateWebACL, waf:GetRuleGroup, or their regional equivalents)
- The policy does not include a Resource parameter
- You are the owner of any RuleGroup you're trying to modify

**Recommended Steps:**
1. Double-check all parameter values in your rule configuration
2. Verify that any referenced resources (like IPSets or ByteMatchSets) exist and are properly configured
3. Ensure you have the necessary permissions to create or modify WAF rules
4. Try refreshing your browser or clearing your cache, as this could be a console display issue

If the problem persists after checking these items, you may want to try creating the rule through the AWS CLI or SDK to get more detailed error messages that might not be displayed in the console.  
**Sources**  
[CreateRule - AWS WAFV2](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_CreateRule.html)  
[WAFInvalidPermissionPolicyException - botocore 1.42.50 documentation](https://docs.aws.amazon.com/botocore/latest/reference/services/waf/client/exceptions/WAFInvalidPermissionPolicyException.html)  
[WAFInvalidPermissionPolicyException - botocore 1.42.50 documentation](https://docs.aws.amazon.com/botocore/latest/reference/services/waf-regional/client/exceptions/WAFInvalidPermissionPolicyException.html)  
[WAFInvalidPermissionPolicyException - botocore 1.42.50 documentation](https://docs.aws.amazon.com/botocore/latest/reference/services/wafv2/client/exceptions/WAFInvalidPermissionPolicyException.html)

Cannot add any custom WAF rules

Add your answer

Relevant content