[英]How to create a WAF ACL with more than 1 managed statement
I'm trying to create a WAF ACL using two AWS Managed rules.我正在尝试使用两个 AWS 托管规则创建 WAF ACL。 These should be evaluated in natural order from priority 1 and then 2.
这些应按优先级 1 和 2 的自然顺序进行评估。
I've got:我有:
resource "aws_wafv2_web_acl" "acl" {
name = "us-blog-production-waf-acl"
scope = "REGIONAL"
default_action {
allow {}
}
rule {
name = "managed-common-rules"
priority = 0
override_action {
none {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesCommonRuleSet"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "us-blog-production-managed-common-rules"
sampled_requests_enabled = true
}
}
rule {
name = "ip-reputation-rules"
priority = 1
override_action {
none {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesAmazonIpReputationList"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "us-blog-production-ip-reputation-rules"
sampled_requests_enabled = true
}
}
rule {
name = "acccount-takeover-rules"
priority = 2
override_action {
none {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesATPRuleSet"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "us-blog-production-account-takeover-rules"
sampled_requests_enabled = true
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "us-blog-production-waf"
sampled_requests_enabled = false
}
}
I tried having two rule
blocks inside the aws_wafv2_web_acl
resource block but wouldn't work either.我尝试在
aws_wafv2_web_acl
资源块中有两个rule
块,但也不起作用。
The error I'm getting is:我得到的错误是:
│ {
│ RespMetadata: {
│ StatusCode: 400,
│ RequestID: "77a6b751-49b1-46d0-af20-39a25e578e79"
│ },
│ Field: "MANAGED_RULE_SET_STATEMENT",
│ Message_: "Error reason: A required field is missing from the parameter., field: MANAGED_RULE_SET_STATEMENT, parameter: ManagedRuleSetConfig",
│ Parameter: "ManagedRuleSetConfig",
│ Reason: "A required field is missing from the parameter."
│ }
How should I set it up?我应该如何设置它?
As per my comment, the documentation says you can have multiple rules in the resource, but you have to have one of action
or override_action
[1]:根据我的评论,文档说你可以在资源中有多个规则,但你必须有一个
action
或override_action
[1]:
One of
action
oroverride_action
is required when specifying a rule指定规则时需要
action
或override_action
之一
This is what is missing in your code.这是您的代码中缺少的内容。
EDIT: The second issue that is happening is probably because there is additional pricing for the ATP managed rule set [2].编辑:发生的第二个问题可能是因为 ATP 托管规则集 [2] 有额外的定价。
[1] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#rules [1] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#rules
[2] https://aws.amazon.com/waf/pricing/#Intelligent_threat_mitigation_from_AWS_WAF [2] https://aws.amazon.com/waf/pricing/#Intelligent_threat_mitigation_from_AWS_WAF
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.