Internal Exception while creating AWS FMS Policy for CloudFront
I am getting the below error while creating a Firewall Manager policy for a CloudFront distribution. The documentation provides little detail on how to deploy a CloudFront distribution, which is a global resource.
I am getting the below error while executing my code:
aws_fms_policy.xxxx: Creating...
╷
│ Error: error creating FMS Policy: InternalErrorException:
│
│ with aws_fms_policy.xxxx,
│ on r_wafruleset.tf line 1, in resource "aws_fms_policy" "xxxx":
│ 1: resource "aws_fms_policy" "xxxx" {
│
╵
Releasing state lock. This may take a few moments...
main.tf looks like this, with provider information:
provider "aws" {
  region = "ap-southeast-2"
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/yyyy"
  }
}

provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::${var.account_id}:role/yyyy"
  }
}
r_fms.tf looks like this:
resource "aws_fms_policy" "xxxx" {
  name                  = "xxxx"
  exclude_resource_tags = true
  resource_tags         = var.exclude_tags
  remediation_enabled   = true
  provider              = aws.us_east_1
  include_map {
    account = ["123123123"]
  }
  resource_type = "AWS::CloudFront::Distribution"
  security_service_policy_data {
    type = "WAFV2"
    managed_service_data = jsonencode(
      {
        type = "WAFV2"
        defaultAction = {
          type = "ALLOW"
        }
        overrideCustomerWebACLAssociation = false
        postProcessRuleGroups             = []
        preProcessRuleGroups = [
          {
            excludeRules = []
            managedRuleGroupIdentifier = {
              vendorName           = "AWS"
              managedRuleGroupName = "AWSManagedRulesAmazonIpReputationList"
              version              = true
            }
            overrideAction = {
              type = "COUNT"
            }
            ruleGroupArn           = null
            ruleGroupType          = "ManagedRuleGroup"
            sampledRequestsEnabled = true
          },
          {
            excludeRules = []
            managedRuleGroupIdentifier = {
              managedRuleGroupName = "AWSManagedRulesWindowsRuleSet"
              vendorName           = "AWS"
              version              = null
            }
            overrideAction = {
              type = "COUNT"
            }
            ruleGroupArn           = null
            ruleGroupType          = "ManagedRuleGroup"
            sampledRequestsEnabled = true
          },
        ]
        sampledRequestsEnabledForDefaultActions = true
      })
  }
}
I have tried to follow this thread but am still getting the above error: https://github.com/hashicorp/terraform-provider-aws/issues/17821
Terraform Version:
Terraform v1.1.7
on windows_386
+ provider registry.terraform.io/hashicorp/aws v4.6.0
There is an open issue in the Terraform AWS provider.
A workaround for this issue is to remove the 'version' attribute.
AWS has recently introduced versioning for WAF policies managed by Firewall Manager, which is causing this weird error. Though a permanent fix is in progress (refer to my earlier post), we can remove the attribute to avoid this error.
Another approach is to use the new attribute versionEnabled=true in case you want versioning enabled.
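Both workarounds from this answer applied to the two rule groups in the question, as an added example that is not code from the question or the answer: the first rule group simply omits `version`, the second opts in with `versionEnabled`. It assumes the rest of the `aws_fms_policy` resource (provider alias, account id, tag variable) stays as in the question, and that the provider version in use accepts `versionEnabled` as the answer states.

```hcl
security_service_policy_data {
  type = "WAFV2"
  managed_service_data = jsonencode({
    type          = "WAFV2"
    defaultAction = { type = "ALLOW" }
    overrideCustomerWebACLAssociation = false
    postProcessRuleGroups             = []
    preProcessRuleGroups = [
      {
        # Workaround 1: no `version` key at all (neither `true` nor `null`)
        excludeRules = []
        managedRuleGroupIdentifier = {
          vendorName           = "AWS"
          managedRuleGroupName = "AWSManagedRulesAmazonIpReputationList"
        }
        overrideAction         = { type = "COUNT" }
        ruleGroupArn           = null
        ruleGroupType          = "ManagedRuleGroup"
        sampledRequestsEnabled = true
      },
      {
        # Workaround 2: opt in to Firewall Manager versioning with the new flag
        excludeRules = []
        managedRuleGroupIdentifier = {
          vendorName           = "AWS"
          managedRuleGroupName = "AWSManagedRulesWindowsRuleSet"
          versionEnabled       = true
        }
        overrideAction         = { type = "COUNT" }
        ruleGroupArn           = null
        ruleGroupType          = "ManagedRuleGroup"
        sampledRequestsEnabled = true
      },
    ]
    sampledRequestsEnabledForDefaultActions = true
  })
}
```

The `overrideAction = { type = "COUNT" }` setting is carried over unchanged from the question: with it, both managed rule groups only count matching requests and do not block them.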