Terraform-provider-aws: wafV2 byte_match_statement not working ?

Created on 20 Nov 2020 · 5 Comments · Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

```
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/aws v3.16.0
+ provider registry.terraform.io/hashicorp/template v2.2.0
```

Affected Resource(s)

aws_wafv2_web_acl byte_match_statement

Terraform Configuration Files

resource "aws_wafv2_web_acl" "wafacl" {
  name        = var.waf_name
  description = "Waf ruleset for protection of ${var.waf_name}"
  scope       = "REGIONAL"
  tags        = merge(var.common_tags, map("Name", var.waf_name))

  default_action {
    block {}
  }

  rule {
    name = var.rule_name
    priority = 0
    action {
      count {}
    }
    statement {
      byte_match_statement {
        field_to_match {
          single_header {
            name = "x-api-key"
          }
        }
        search_string         = var.api_key_id
        positional_constraint = "EXACTLY"
        text_transformation {
          type = "NONE"
          priority = 0
        }
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "${var.waf_name}-acl"
      sampled_requests_enabled   = true
    }
  }
}

Expected Behavior

I have set every property and still get the same behavior. In the display, I don't have override_action because it didn't make a difference if it was there or not. No matter what I try, this keeps giving the same error, but I would expect it would create a new WAF rule.

Actual Behavior

```
Error: Required attribute is not set

on waf/main.tf line 1, in resource "aws_wafv2_web_acl" "wafacl":
1: resource "aws_wafv2_web_acl" "wafacl" {
```

Steps to Reproduce

  1. terraform apply

References

pulling my information from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl
found a similar issue at https://github.com/hashicorp/terraform-provider-aws/issues/15576 that was closed by the author with no explanation of why


All 5 comments

Would love some help figuring out what I am doing wrong on this if I am the cause.

Hi @CKozanecki, thank you for raising this issue! Making a quick initial pass here, I see that the nested block field in default_action should be set with the config block syntax (ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#default-action), e.g.

default_action {
      block {}
}

hope this helps in the meantime!

Thanks @anGie44, that was a copy paste issue from source control, but I already fixed that one. I will update with what is on my server

Sounds good! The other thing I'm noting in the example provided is that the resource needs a visibility_config in addition to the one inside of the rule block, so something like

resource "aws_wafv2_web_acl" "wafacl" {
  # other config
  rule {
    visibility_config {
      ...
    }
  }
  visibility_config {
    ...
  }
}

tho could be a copy paste issue as well?

Looks like that is the answer! There wasn't an example in the documentation for my type of statement, and I didn't notice that it requires one for the IAM and the RULE.

Thank you very much @anGie44 !
