Terraform-provider-aws: Cannot remove rules from aws_waf_web_acl

Created on 8 Jun 2018  ·  3Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version


Terraform v0.11.7

  • provider.aws v1.15.0

Affected Resource(s)

  • aws_waf_web_acl
  • aws_waf_rule

Terraform Configuration Files

Before

resource "aws_waf_web_acl" "global_waf_acl" {
  name        = "GlobalWAF"
  metric_name = "GlobalWAF"

  default_action { type = "ALLOW" }

  rules {
    action { type = "BLOCK" }
    priority = 1
    rule_id  = "${aws_waf_rate_based_rule.brute_force_rule.id}"
    type     = "RATE_BASED"
  }

  rules {
    action { type = "BLOCK" }
    priority = 2
    rule_id  = "${aws_waf_rule.auto_block_list_rule.id}"
    type     = "REGULAR"
  }
}

First attempt

resource "aws_waf_web_acl" "global_waf_acl" {
  name        = "GlobalWAF"
  metric_name = "GlobalWAF"

  default_action { type = "ALLOW" }

  rules {
    action { type = "BLOCK" }
    priority = 1
    rule_id  = "${aws_waf_rate_based_rule.brute_force_rule.id}"
    type     = "RATE_BASED"
  }

  rules {
    action { type = "BLOCK" }
    priority = 2
    rule_id  = "${aws_waf_rule.new_rule.id}"
    type     = "REGULAR"
  }

  rules {
    action { type = "BLOCK" }
    priority = 3
    rule_id  = "${aws_waf_rule.auto_block_list_rule.id}"
    type     = "REGULAR"
  }
}

* aws_waf_web_acl.global_waf_acl: Error Updating WAF ACL: Error Updating WAF ACL: ValidationException: Cannot allow rule <ID> with priority 2. Another rule already has this priority.

Second attempt

resource "aws_waf_web_acl" "global_waf_acl" {
  name        = "GlobalWAF"
  metric_name = "GlobalWAF"

  default_action { type = "ALLOW" }

  rules {
    action { type = "BLOCK" }
    priority = 1
    rule_id  = "${aws_waf_rate_based_rule.brute_force_rule.id}"
    type     = "RATE_BASED"
  }
}

aws_waf_web_acl.global_waf_acl: Modifications complete after 1s
All rules are still attached to WAF in AWS Console

Expected Behavior

I should be able to update rule priorities.

I should also be able to remove rules and have them removed from the WAF

Actual Behavior

Priority conflict.
Rules still present.

Steps to Reproduce

See above HCL

bug servicwaf
Source
picture BookOfGreg
👍4

Most helpful comment

The fix for this has been merged into master and will release with version 1.30.0 of the AWS provider, likely on Wednesday. 👍

picture bflad on 31 Jul 2018
👍2

All 3 comments

The fix for this has been merged into master and will release with version 1.30.0 of the AWS provider, likely on Wednesday. 👍

bflad picture bflad on 31 Jul 2018
👍2

This has been released in version 1.30.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

bflad picture bflad on 2 Aug 2018

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 4 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hashibot picture hashibot  ·  36Comments
cjeanneret picture cjeanneret  ·  39Comments
marcincuber picture marcincuber  ·  39Comments
obourdon picture obourdon  ·  54Comments
tdmalone picture tdmalone  ·  89Comments