1 Answer
Your template does not have "VisibilityConfig" in the rule group.
This is why the error is thought to be occurring.
So I think the following template will work.
The content has been changed from JSON to YAML, but it is the same.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-visibilityconfig
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyIPSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSet
      Description: IP Set to deny access to specific IP addresses
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - "192.0.2.44/32"
  MyIPSetRule:
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: MyIPSetRule
      Description: Rule to use IPSet for denial
      Scope: REGIONAL
      Capacity: 1
      Rules:
        - Action:
            Block: {}
          Name: IPSetDeny
          Priority: 0
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt MyIPSet.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf1
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: waf-metric
        SampledRequestsEnabled: true
```
Hi, Riku is correct: see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html where VisibilityConfig is defined as mandatory
Thanks Riku and Didier. I will try and get back to you.
Hi, could you reformat your CFN code by making it a code block: use '</>' in the header of your question editor. It will make it more readable and allow us to help more efficiently.
Sorry, code block used and updated the question.
An error pops up after trying your answer: "Resource handler returned message: "Error reason: The parameter contains formatting that is not valid., field: IP_ADDRESS, parameter: 192.0.2.44 (Service: Wafv2, Status Code: 400, Request ID: c36fab0f-e656-4505-b208-e9c443e5d0fb)" (RequestToken: 0656a642-5add-8fa5-cf93-0ccbab13ebe1, HandlerErrorCode: InvalidRequest)"
Will I still get an error if I use the CloudFormation template I created?
I guess so
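A pre-deployment check for the two failures seen in this thread (a rule group or rule without a complete VisibilityConfig, and an IP set address without a CIDR prefix), as an added example that is not part of the original posts. The names `lint_wafv2`, its helpers and the sample template are assumptions made for illustration; the function expects the template already parsed into a dict, for example from its JSON form.

```python
import ipaddress

VIS_KEYS = {"CloudWatchMetricsEnabled", "MetricName", "SampledRequestsEnabled"}

def _check_visibility(where, holder, findings):
    vis = holder.get("VisibilityConfig")
    if not isinstance(vis, dict):
        findings.append(f"{where}: VisibilityConfig is missing")
    elif VIS_KEYS - vis.keys():
        findings.append(f"{where}: VisibilityConfig lacks {sorted(VIS_KEYS - vis.keys())}")

def _check_address(where, addr, version, findings):
    if not isinstance(addr, str):
        return  # intrinsic function (Ref, Fn::Sub, ...): cannot be resolved offline
    if "/" not in addr:  # ipaddress accepts a bare host address, WAFv2 rejects it
        findings.append(f"{where}: {addr!r} is not CIDR notation (e.g. add /32)")
        return
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        findings.append(f"{where}: {addr!r} is not a valid CIDR block")
        return
    if f"IPV{net.version}" != version:
        findings.append(f"{where}: {addr!r} does not match IPAddressVersion {version}")

def lint_wafv2(template):
    """Return a list of findings for WAFv2 rule groups and IP sets in a template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::WAFv2::RuleGroup":
            _check_visibility(name, props, findings)  # group-level block
            for rule in props.get("Rules", []):       # one block per rule
                _check_visibility(f"{name}/{rule.get('Name', '?')}", rule, findings)
        elif res.get("Type") == "AWS::WAFv2::IPSet":
            addrs = props.get("Addresses", [])
            for addr in addrs if isinstance(addrs, list) else []:
                _check_address(name, addr, props.get("IPAddressVersion"), findings)
    return findings

# Constructed sample showing the two problems discussed in this thread.
SAMPLE = {"Resources": {
    "MyIPSet": {"Type": "AWS::WAFv2::IPSet", "Properties": {
        "IPAddressVersion": "IPV4", "Addresses": ["192.0.2.44"]}},
    "MyIPSetRule": {"Type": "AWS::WAFv2::RuleGroup", "Properties": {
        "Capacity": 1, "Rules": [{
            "Name": "IPSetDeny", "Priority": 0, "Action": {"Block": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True}}]}}}}
```

Calling `lint_wafv2(SAMPLE)` reports the bare address, the missing group-level VisibilityConfig and the rule-level block that lacks MetricName.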