
AWS SAM - AWS::WAFv2::WebACLAssociation - AWS WAF couldn't perform the operation because your resource doesn't exist

We are trying to create an AWS::WAFv2::IPSet in our SAM template.

WhitelistedIPAddressesIPSet:
    Type: AWS::WAFv2::IPSet
    Properties:
        Description: 'Merchant IPs'
        Scope: REGIONAL
        IPAddressVersion: IPV4
        Addresses: [0.0.0.0/32, 0.0.10.0/32]

The IP set is created successfully. Then, once we create the AWS::WAFv2::WebACLAssociation:

WAFApiAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    DependsOn:
        - ApiGateway
        - WAFWebAcl
    Properties:
        ResourceArn: !Sub 'arn:aws:apigateway:${AWS::Region}::/restapis/${ApiGateway}/stages/${EnvType}'
        WebACLArn: !GetAtt WAFWebAcl.Arn

CloudFormation fails and performs a rollback. The error displayed is as follows:

Resource handler returned message: "AWS WAF couldn't perform the operation because your resource doesn't exist. (Service: Wafv2, Status Code: 400, Request ID: e337720a-e32c-4c29-acde-1896855405c9, Extended Request ID: null)" (RequestToken: f24d0488-3016-4030-3a3b-bbb24666f130, HandlerErrorCode: NotFound)

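We tried different ways of formatting the IPs in the SAM template to see whether that was causing the problem, but without success.

Can anyone share some useful insight into this issue?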

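A) If your resource already depends directly on the other resources, you don't need DependsOn. In this case it does, so you can remove this property.

B) You need to share your whole stack here, not just what you've shared, because there may be a problem with your APIGW configuration. Since that creation failed, you may be getting this follow-on problem.

Creating the APIGW isn't sufficient to attach the WAF; you need to make sure you are actually attaching it after the stage is created, not just the APIGW. In this case, replace the ResourceArn with one that references the APIGW Stage resource. (Additionally, you may need to wait for the stage deployment to finish.)

This is the APIGW template, Warren Parad: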

CDEAPI:
    Type: AWS::Serverless::Api
    Properties:
        # Domain:
        #     DomainName: !Ref CDEAPIDomainName
        #     SecurityPolicy: TLS_1_2
        #     CertificateArn: !Sub 'arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/${CDEAPICertificateArn}'
        #     EndpointConfiguration: EDGE
        #     Route53:
        #         HostedZoneId: !Ref CDEAPIHostedZoneId
        AccessLogSetting:
            DestinationArn: !GetAtt CDEAPIAccessLogGroup.Arn
            Format: >-
                { "requestId":"$context.requestId",
                "ip":"$context.identity.sourceIp",
                "caller":"$context.identity.caller",
                "user":"$context.identity.user",
                "userAgent":"$context.identity.userAgent",
                "userArn":"$context.identity.userArn",
                "requestTime":"$context.requestTime",
                "requestTimeEpoch":"$context.requestTimeEpoch",
                "httpMethod":"$context.httpMethod",
                "resourcePath":"$context.resourcePath",
                "path":"$context.path",
                "status":"$context.status",
                "protocol":"$context.protocol",
                "responseLength":"$context.responseLength",
                "responseLatency":"$context.responseLatency",
                "authorizerLatency":"$context.authorizer.integrationLatency",
                "integrationLatency":"$context.integrationLatency",
                "integrationStatus":"$context.integrationStatus",
                "xrayTraceId":"$context.xrayTraceId",
                "errorMessage":"$context.error.message",
                "domainName":"$context.domainName",
                "domainPrefix":"$context.domainPrefix",
                "tokenScopes":"$context.authorizer.claims.scope",
                "tokenIat":"$context.authorizer.claims.iat",
                "tokenExp":"$context.authorizer.claims.exp",
                "cognitoIdentityId":"$context.identity.cognitoIdentityId",
                "awsEndpointRequestId":"$context.awsEndpointRequestId",
                "arn":"$context.identity.userArn",
                "account":"$context.identity.accountId",
                "claims-sub":"$context.authorizer.claims.sub",
                "waf-error":"$context.waf.error",
                "waf-status":"$context.waf.status",
                "waf-latency":"$context.waf.latency",
                "waf-response":"$context.waf.wafResponseCode",
                "authenticate-error":"$context.authenticate.error",
                "authenticate-status":"$context.authenticate.status",
                "authenticate-latency":"$context.authenticate.latency",
                "integration-error":"$context.integration.error",
                "integration-status":"$context.integration.status",
                "integration-latency":"$context.integration.latency",
                "integration-requestId":"$context.integration.requestId",
                "integration-integrationStatus":"$context.integration.integrationStatus",
                "response-latency":"$context.responseLatency" }
        StageName: !Ref EnvType
        Auth:
            DefaultAuthorizer: CognitoAuthorizer
            AddDefaultAuthorizerToCorsPreflight: false
            Authorizers:
                CognitoAuthorizer:
                    AuthType: COGNITO_USER_POOLS
                    UserPoolArn: !Sub 'arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${CognitoUserPoolArn}'
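
The answer's suggestion applied to the CDEAPI template above, as an added example that is not part of the original posts. The logical IDs CDEAPI, WAFWebAcl and WhitelistedIPAddressesIPSet come from the snippets on this page; the WebACL body (default block, one allow rule on the IP set) is an assumption, since the page does not show it.

```yaml
# Added example. WebACL contents are assumed; only the logical IDs are from the page.
WAFWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
        Scope: REGIONAL                 # same scope as the IP set; API Gateway stages use REGIONAL
        DefaultAction:
            Block: {}                   # assumed allow-list model: block unless a rule allows
        VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: WAFWebAcl
        Rules:
            - Name: AllowMerchantIPs
              Priority: 0
              Action:
                  Allow: {}
              Statement:
                  IPSetReferenceStatement:
                      Arn: !GetAtt WhitelistedIPAddressesIPSet.Arn
              VisibilityConfig:
                  SampledRequestsEnabled: true
                  CloudWatchMetricsEnabled: true
                  MetricName: AllowMerchantIPs

WAFApiAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
        # !Ref CDEAPI.Stage points at the AWS::ApiGateway::Stage that SAM generates
        # for AWS::Serverless::Api (logical ID CDEAPIStage). The reference makes
        # CloudFormation create the stage before the association, so no DependsOn
        # is needed and the ARN never names a stage that does not exist yet.
        ResourceArn: !Sub
            - 'arn:aws:apigateway:${AWS::Region}::/restapis/${ApiId}/stages/${StageName}'
            - ApiId: !Ref CDEAPI
              StageName: !Ref CDEAPI.Stage
        WebACLArn: !GetAtt WAFWebAcl.Arn
```

Building the stage segment from the EnvType parameter, as in the question, gives CloudFormation no dependency on the stage resource, which is the ordering gap the answer describes.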
