2 回答
- 最新
- 投票最多
- 评论最多
0
Hi, @Simon Cox
Your description describes only one Rule object for Rules.
It is unknown how CloudFormation interprets it, but it may have been overwritten by the last block.
I think you should write multiple Rules in the form of an array in Rules as follows.
"Rules": [
{
"Name": "IPSetDeny",
"Priority": 0,
"Statement": {
"IPSetReferenceStatement": {
"ARN": {
"Fn::GetAtt": [
"SampleIPSetDeny",
"Arn"
]
}
}
},
"Action": {
"Block": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "aws-waf-logs-dev-inf"
}
},
{
"Name": "IPSetAllow",
"Priority": 1,
"Statement": {
"IPSetReferenceStatement": {
"ARN": {
"Fn::GetAtt": [
"SampleIPSetAllow",
"Arn"
]
}
}
},
"Action": {
"Allow": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "aws-waf-logs-dev-inf"
}
},
{
"Name": "restrict-country",
"Priority": 2,
"Statement": {
"GeoMatchStatement": {
"CountryCodes": [
"GB"
]
}
},
"Action": {
"Allow": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "aws-waf-logs-dev-inf"
}
}
]
0
Hi @Iwasa thanks for your comment you were quite correct. I have used your example of an array of rules that my code is now working.
已回答 2 年前
相关内容
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前