Using AWS WAF with Serverless Associate WAF

I have created a Web ACL in my AWS account in the AWS WAF and assigned it some rules. In my serverless.yml file I have used the serverless-associate-waf plugin.

But when I go to my Web ACLs > my acl > Associated AWS Resources, I do not see the associated API Gateway listed there.

Here is how my serverless.yml file looks:

service: ${opt:product}

plugins:
    - serverless-domain-manager
    - serverless-apigw-binary
    - serverless-associate-waf

custom:
    associateWaf:
        name: name-of-my-acl
    esLogs:
        endpoint: link.amazonaws.com
        index: "${opt:stage}-logs"
        includeApiGWLogs: true
        retentionInDays: 30
    stage: ${opt:stage, 'dev'}
    region: ${opt:region, 'ap-south-1'}
    accountId: ${opt:accountId}
    awsBucket: ${opt:awsBucket, 'documents'}
    awsPermaBucket: ${opt:awsPermaBucket, 'perma-documents-dev'}
    cryptoKey: ${opt:cryptoKey}
    apigwBinary:
        types:
            - 'multipart/form-data'
    customDomain:
        domainName: ${opt:stage}-${opt:product}-api.io
        basePath: ""
        stage: ${self:custom.stage}
        createRoute53Record: true

provider:
    vpc:
        securityGroupIds:
            - sg-1234
        subnetIds:
            - subnet-1234
            - subnet-1234
    environment:
        region: ${self:custom.region}
        stage: ${self:custom.stage}
        module: ${opt:product}
        awsBucket: ${self:custom.awsBucket}
        authToken: ${opt:authToken}
        accountId: ${opt:accountId}
        awsPermaBucket: ${self:custom.awsPermaBucket}
        cryptoKey: ${opt:cryptoKey}
    iamRoleStatements:
        - Effect: Allow
          Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              - logs:DescribeLogStreams
          Resource: "*"
        - Effect: Allow
          Action:
              - s3:*
          Resource: "*"
        - Effect: "Allow"
          Action:
              - "sqs:*"
          Resource: "arn:aws:sqs:${opt:region}:*:${opt:stage}-${opt:product}-sqs-queue"
    name: aws
    runtime: nodejs12.x
    stage: ${self:custom.stage}
    region: ${self:custom.region}
    memorySize: 256
    timeout: 30
# package is a top-level serverless.yml key, not a provider property
package:
    exclude:
        - "*/**"
    include:
        - build/**
        - node_modules/**

functions:
    orgSettingsAPI:
        name: ${self:service}-${self:custom.stage}-api
        handler: build/src/lambda.handler
        vpc:
            securityGroupIds:
                - sg-1234
            subnetIds:
                - subnet-1234
                - subnet-1234
        environment:
            SqsQueueName: ${opt:stage}-${opt:product}-sqs-queue
        reservedConcurrency: 10
        # all triggers sit under one events key; a second events key in the
        # same mapping is a duplicate YAML key and is rejected or silently overrides
        events:
            - http:
                  method: any
                  path: /api/{proxy+}
                  authorizer:
                      arn: arn:aws:lambda:${opt:region}:${self:custom.accountId}:function:authenticator-${self:custom.stage}-api
                      resultTtlInSeconds: 60
                      identitySource: method.request.header.Authorization
                      identityValidationExpression: ^Bearer.+
                  cors:
                      origins:
                        - "*"
                      headers:
                        - Content-Type
                        - X-Amz-Date
                        - Authorization
                        - X-Api-Key
                        - X-Amz-Security-Token
                      allowCredentials: true
                      maxAge: 86400
            - http:
                  method: any
                  path: /internal/{proxy+}
            - sqs:
                  arn:
                      Fn::GetAtt:
                          - SqsQueue
                          - Arn
                  batchSize: 1

resources:
    Resources:
        GatewayResponse:
            Type: "AWS::ApiGateway::GatewayResponse"
            Properties:
                ResponseParameters:
                    gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
                    gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
                ResponseType: EXPIRED_TOKEN
                RestApiId:
                    Ref: "ApiGatewayRestApi"
                StatusCode: "401"
        AuthFailureGatewayResponse:
            Type: "AWS::ApiGateway::GatewayResponse"
            Properties:
                ResponseParameters:
                    gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
                    gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
                ResponseType: UNAUTHORIZED
                RestApiId:
                    Ref: "ApiGatewayRestApi"
                StatusCode: "401"

When I debugged the deployment process it says:

Serverless: Unable to find WAF named 'name-of-my-acl'

Am I naming it wrong or using it wrong?

I do not understand what is the name I should be using for my WAF in the serverless.yml file.

Found the issue: turns out I need to add

version: V2

just after name, since AWS WAF supports V2. Once I added it and redeployed, the API Gateway got attached to the created WAF.

PS: the name is the name of the ACL that we want to use.
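The answer fixes the lookup, but nothing on the page shows how to confirm afterwards that the API stage is really behind the ACL, which is the check that matters: an API Gateway that is deployed without its WAF association is reachable with no rule evaluation at all. The script below is an added example, not code from the post or from the serverless-associate-waf plugin. It reproduces the two steps a post-deploy check needs: resolve the ACL name (the value of custom.associateWaf.name) to an ARN from the output of `aws wafv2 list-web-acls --scope REGIONAL`, then test whether the stage ARN that WAFv2 records for a REST API appears in `aws wafv2 list-resources-for-web-acl --resource-type API_GATEWAY`. The CLI outputs are constructed samples embedded inline (fake account id, ACL id and REST API id) so it runs offline; the empty classic `waf-regional` listing illustrates the reading of the answer that a v2 ACL is invisible to a classic-WAF lookup, which is an assumption about why the name was "not found", not something the page states.

```python
import json
from typing import Optional

# Constructed sample of `aws wafv2 list-web-acls --scope REGIONAL --region ap-south-1`.
# Account id, ACL id and ARN are fake; only the ACL name comes from the post.
WAFV2_LIST_WEB_ACLS = json.dumps({
    "WebACLs": [
        {
            "Name": "name-of-my-acl",
            "Id": "11111111-2222-3333-4444-555555555555",
            "ARN": ("arn:aws:wafv2:ap-south-1:123456789012:regional/webacl/"
                    "name-of-my-acl/11111111-2222-3333-4444-555555555555"),
        }
    ]
})

# Constructed sample of the classic `aws waf-regional list-web-acls` output for the
# same account. A WAFv2 ACL is not listed by the classic API, so a name lookup that
# only consults classic WAF finds nothing (assumption: this is the failure behind
# the "Unable to find WAF named ..." message when `version: V2` is missing).
CLASSIC_LIST_WEB_ACLS = json.dumps({"WebACLs": []})

# Constructed sample of
# `aws wafv2 list-resources-for-web-acl --web-acl-arn <ARN> --resource-type API_GATEWAY`.
WAFV2_LIST_RESOURCES = json.dumps({
    "ResourceArns": [
        "arn:aws:apigateway:ap-south-1::/restapis/abc123def4/stages/dev"
    ]
})


def find_web_acl_arn(list_web_acls_json: str, name: str) -> Optional[str]:
    """Resolve a Web ACL name to its ARN from a list-web-acls JSON document.

    Returns None when no ACL of that name is in the listing, which is exactly
    the situation the plugin reports as "Unable to find WAF named ...".
    """
    for acl in json.loads(list_web_acls_json).get("WebACLs", []):
        if acl.get("Name") == name:
            return acl.get("ARN")
    return None


def api_gateway_stage_arn(region: str, rest_api_id: str, stage: str) -> str:
    """Build the stage ARN in the form WAFv2 records for a REST API association."""
    return f"arn:aws:apigateway:{region}::/restapis/{rest_api_id}/stages/{stage}"


def is_stage_associated(list_resources_json: str, stage_arn: str) -> bool:
    """True when the stage ARN is among the ACL's associated API Gateway resources."""
    return stage_arn in json.loads(list_resources_json).get("ResourceArns", [])


def check_association(list_web_acls_json: str, list_resources_json: str,
                      acl_name: str, region: str, rest_api_id: str, stage: str) -> dict:
    """Post-deploy check: does the named ACL exist, and is this API stage behind it?"""
    acl_arn = find_web_acl_arn(list_web_acls_json, acl_name)
    stage_arn = api_gateway_stage_arn(region, rest_api_id, stage)
    associated = acl_arn is not None and is_stage_associated(list_resources_json, stage_arn)
    return {"acl_arn": acl_arn, "stage_arn": stage_arn, "associated": associated}


if __name__ == "__main__":
    # rest_api_id and stage are constructed; the region is the post's default.
    print(check_association(WAFV2_LIST_WEB_ACLS, WAFV2_LIST_RESOURCES,
                            "name-of-my-acl", "ap-south-1", "abc123def4", "dev"))
    # Same check against the classic listing: the ACL is not found at all.
    print(check_association(CLASSIC_LIST_WEB_ACLS, WAFV2_LIST_RESOURCES,
                            "name-of-my-acl", "ap-south-1", "abc123def4", "dev"))
```

To use it against a real deployment, capture the two CLI outputs to files and pass their contents in place of the constructed samples; the REST API id is the one Serverless prints as the API endpoint host after `sls deploy`. A run that returns `associated: False` for the stage you just deployed is the condition to alert on, and it is worth wiring into the deploy pipeline rather than relying on a look at the console's Associated AWS Resources tab.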
