Terraform v0.11.7
resource "aws_wafregional_ipset" "ipset" {
  name = "tfIPSet"
  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.7.0/24"
  }
}

resource "aws_wafregional_rate_based_rule" "wafrule" {
  depends_on  = ["aws_wafregional_ipset.ipset"]
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"
  rate_key    = "IP"
  rate_limit  = 2000
  predicate {
    data_id = "${aws_wafregional_ipset.ipset.id}"
    negated = false
    type    = "IPMatch"
  }
}

resource "aws_wafregional_web_acl" "wafacl" {
  name        = "tfWebACL"
  metric_name = "tfWebACL"
  default_action {
    type = "ALLOW"
  }
  rule {
    action {
      type = "BLOCK"
    }
    priority = 1
    rule_id  = "${aws_wafregional_rate_based_rule.wafrule.id}"
  }
}
https://github.com/terraform-providers/terraform-provider-aws/files/1901714/terraform-debug.log
Expected behavior: Terraform should associate the aws_wafregional_rate_based_rule resource with the aws_wafregional_web_acl one.
Actual behavior: Terraform throws errors:
  aws_wafregional_web_acl.wafacl: 1 error(s) occurred:
  aws_wafregional_web_acl.wafacl: Error Updating WAF Regional ACL: Error Updating WAF Regional ACL: WAFNonexistentItemException: The referenced item does not exist.
  status code: 400, request id: 5468cd42-3e20-11e8-8d2f-774c6f8a4408
Steps to reproduce: terraform apply
Hello Terraform, this might be a duplicate of the old ticket https://github.com/terraform-providers/terraform-provider-aws/issues/4078, but is there any view on when this will be fixed, or is there maybe a workaround to get the aws_wafregional_rate_based_rule linked some other way?
@mvankrieken I have retried and the problem still hasn't been resolved. My workaround is to attach the rate-based rule manually to the WebACL.
Also, my bug is different from #4078. It occurs particularly with the rate-based rule.
@exNewbie I also tried it with AWS provider version 1.22 but indeed I also still get the error. For now I manually added the rule I wanted. I did place
  lifecycle {
    ignore_changes = ["rule"]
  }
to avoid an update loop, so the template as a whole does not get stuck.
@mvankrieken @exNewbie
Same issue applies to aws_wafregional_size_constraint_set; it cannot be attached to a web ACL.
@keldush hmm, I did not have trouble with that. You should make a set, connect that to a rule and then connect the rule to the web ACL.
resource "aws_wafregional_size_constraint_set" "size_constraint_uri" {
  name = "SomeNameMaxUriSet"
  size_constraints {
    text_transformation = "URL_DECODE"
    comparison_operator = "GT"
    size                = "100"
    field_to_match {
      type = "URI"
    }
  }
}

resource "aws_wafregional_rule" "size_constraint_uri_rule" {
  name        = "SomeNameMaxUriRule"
  metric_name = "SomeNameMaxUriRule"
  predicate {
    data_id = "${aws_wafregional_size_constraint_set.size_constraint_uri.id}"
    negated = false
    type    = "SizeConstraint"
  }
  depends_on = ["aws_wafregional_size_constraint_set.size_constraint_uri"]
}

resource "aws_wafregional_web_acl" "main_alb_acl" {
  name        = "SomeNameCsAcl"
  metric_name = "SomeNameCsAcl"
  default_action {
    type = "ALLOW"
  }
  rule {
    action {
      type = "BLOCK"
    }
    priority = 1
    rule_id  = "${aws_wafregional_rule.size_constraint_uri_rule.id}"
  }
  depends_on = ["aws_wafregional_rule.size_constraint_uri_rule"]
}
Something like above should work.
@mvankrieken you are absolutely correct sir, my bad.
It's working for me.
I guess this is happening because the provider currently ignores the Type field.
See:
From the GoDocs:
// The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined
// by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR.
// Although this field is optional, be aware that if you try to add a RATE_BASED
// rule to a web ACL without setting the type, the UpdateWebACL request will
// fail because the request tries to add a REGULAR rule with the specified ID,
// which does not exist.
The aws_wafregional_web_acl resource support for rule type has been merged into master via #4978 and will release with version 1.25.0 of the AWS provider, likely middle of this week. Please note you _must_ configure this new attribute for RATE_BASED rules.
This has been released in version 1.25.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
I was getting the same error when trying to attach 'aws_wafregional_rate_based_rule' to a web ACL. This was due to 2 reasons: 1. the rule type and 2. adding the depends_on parameter in the web ACL for the rate-based rule.
You can see on the AWS console that when you attach a rate-based rule to a web ACL manually, the rule type is 'Rate-based', unlike other rules where it shows 'Regular'.
So when I defined the rule type explicitly in Terraform, it worked. Something like this:
resource "aws_wafregional_web_acl" "test" {
  name        = "test"
  metric_name = "test"
  depends_on  = ["aws_wafregional_rate_based_rule.rate-rule-example"]
  default_action {
    type = "BLOCK"
  }
  rule {
    action {
      type = "ALLOW"
    }
    type     = "RATE_BASED"
    priority = 1
    rule_id  = "${aws_wafregional_rate_based_rule.rate-rule-example.id}"
  }
}
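A pre-apply check for the misconfiguration this thread settles on, added here as an example and not code from the thread or from the AWS provider: it scans Terraform source (a constructed sample is embedded inline) for aws_wafregional_web_acl rule blocks that reference an aws_wafregional_rate_based_rule without type = "RATE_BASED", the combination that makes UpdateWebACL fail with WAFNonexistentItemException. The brace scanner and the regexes are this example's own simplification of HCL, not a real parser.

```python
import re

# A rule block that points at a rate-based rule resource ...
RATE_REF = re.compile(
    r'rule_id\s*=\s*"\$\{aws_wafregional_rate_based_rule\.([\w-]+)\.id\}"')
# ... must also declare its type, or the provider sends a REGULAR rule ID.
RATE_TYPE = re.compile(r'\btype\s*=\s*"RATE_BASED"')


def _blocks(text, header):
    """Yield (header match, body) for every `header {` with balanced braces."""
    for m in re.finditer(header + r'\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        if depth == 0:
            yield m, text[m.end():i - 1]


def find_untyped_rate_rules(hcl):
    """Return (web_acl_name, rate_rule_name) for each rule missing RATE_BASED."""
    findings = []
    for acl, body in _blocks(hcl, r'resource\s+"aws_wafregional_web_acl"\s+"([\w-]+)"'):
        for _, rule in _blocks(body, r'\brule'):
            ref = RATE_REF.search(rule)
            if ref and not RATE_TYPE.search(rule):
                findings.append((acl.group(1), ref.group(1)))
    return findings


# Constructed sample (not from the thread): "wafacl" mirrors the original
# report, "test" carries the fix from the comment above.
SAMPLE_HCL = '''
resource "aws_wafregional_web_acl" "wafacl" {
  default_action { type = "ALLOW" }
  rule {
    action { type = "BLOCK" }
    priority = 1
    rule_id  = "${aws_wafregional_rate_based_rule.wafrule.id}"
  }
}
resource "aws_wafregional_web_acl" "test" {
  default_action { type = "BLOCK" }
  rule {
    action { type = "ALLOW" }
    type     = "RATE_BASED"
    priority = 1
    rule_id  = "${aws_wafregional_rate_based_rule.rate-rule-example.id}"
  }
}
'''

if __name__ == "__main__":
    for acl, rule in find_untyped_rate_rules(SAMPLE_HCL):
        print(f'web ACL "{acl}": rule for "{rule}" lacks type = "RATE_BASED"')
```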
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!