Aws-cli: Unable to create a rule group with a rate-based rule in wafv2

Created on 27 Feb 2020 · 3 Comments · Source: aws/aws-cli

I'm trying to create a rule group using the following command -

aws wafv2 create-rule-group --name RateBasedRuleGroup \
--scope REGIONAL \
--capacity 1500 \
--rules file://rulegroup.json \
--visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=SomeNameMetrics \
--region ap-south-1 

It returns the error

An error occurred (WAFInvalidParameterException) when calling the CreateRuleGroup operation: Error reason: A reference in your rule statement is not valid., field: RATE_BASED_STATEMENT, parameter: RateBasedStatement

My rulegroup.json file looks like -

[
    {
        "Name": "RateBasedRule",
        "Priority": 2,
        "Action": {
            "Block": {}
        },
        "Statement": {
            "RateBasedStatement": {
                "Limit": 2000,
                "AggregateKeyType": "IP"
            }
        },
        "VisibilityConfig": {
            "SampledRequestsEnabled": true,
            "CloudWatchMetricsEnabled": true,
            "MetricName": "RateBasedRuleMetric"
        }
    }
]

However, when I try to add the rule individually through the AWS console using the same JSON, it works like a charm.

service-api wafv2

All 3 comments

I get this error too. Any solution?

I can reproduce, and it looks like a problem with the API.

Hi @vologue,

Rate-based rule statements are not allowed in rule groups. This is documented here:

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-groups.html

Unfortunately, due to how the API model was written, this statement type is included erroneously, which is then propagated to all AWS SDKs, including documentation. This is a known issue, but no ETA on a resolution is known.
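
Added example, not part of the thread or of aws-cli: a pre-flight check that walks a `--rules` document such as the rulegroup.json above and reports every RateBasedStatement, at any nesting depth, before create-rule-group is called. The function names and the second sample rule are constructed for illustration; the only restriction encoded is the one stated in the reply above.

```python
import json
import sys

# Statement type that, per the reply above, is rejected inside a rule group.
DISALLOWED = {"RateBasedStatement"}

def find_disallowed(node, path):
    """Yield the path of each disallowed statement key found under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key in DISALLOWED:
                yield here
            # Keep descending: statements nest (AndStatement, NotStatement, ...).
            yield from find_disallowed(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_disallowed(item, f"{path}[{i}]")

def check_rule_group(rules):
    """Return 'rule name: path' findings for a list of rules (--rules JSON)."""
    findings = []
    for i, rule in enumerate(rules):
        name = rule.get("Name", f"<rule {i}>")
        root = f"rules[{i}].Statement"
        for hit in find_disallowed(rule.get("Statement", {}), root):
            findings.append(f"{name}: {hit}")
    return findings

# Constructed sample: the rule from the issue, plus one rule that passes.
SAMPLE = [
    {"Name": "RateBasedRule", "Priority": 2, "Action": {"Block": {}},
     "Statement": {"RateBasedStatement": {"Limit": 2000,
                                          "AggregateKeyType": "IP"}},
     "VisibilityConfig": {"SampledRequestsEnabled": True,
                          "CloudWatchMetricsEnabled": True,
                          "MetricName": "RateBasedRuleMetric"}},
    {"Name": "GeoRule", "Priority": 3, "Action": {"Block": {}},
     "Statement": {"GeoMatchStatement": {"CountryCodes": ["US"]}}},
]

if __name__ == "__main__":
    # Usage: python check_rules.py rulegroup.json (falls back to SAMPLE).
    rules = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    findings = check_rule_group(rules)
    for finding in findings:
        print("not allowed in a rule group:", finding)
    sys.exit(1 if findings else 0)
```

A non-zero exit status lets a deployment script stop before the API returns WAFInvalidParameterException.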
