Error Creating aws_fms_policy

Hi All,

I was trying to create an aws_fms_policy, and when I ran apply I got an error that I could not figure out from the error message. I would appreciate it if anybody can help. Thanks.

```
Error: Creating Policy Failed: InvalidInputException: Error in the SecurityServiceData.ManagedServiceData at [Source: (String)"{"defaultAction":"ALLOW","loggingConfiguration":{"logDestinationConfigs":["arn:aws:firehose:us-east-1:xxxxxxxxx:deliverystream/aws-waf-logs-global"]},"overrideCustomerWebACLAssociation":false,"postProcessRuleGroups":[],"preProcessRuleGroups":[{"managedRuleGroupIdentifier":{"managedRuleGroupName":"AWSManagedRulesBotControlRuleSet","vendorName":"AWS"},"overrideAction":{"type":"NONE"},"ruleGroupArn":null,"ruleGroupType":"ManagedRuleGroup","visibility_config":{"cloudwatch_metrics_enabled":true,"m"[truncated 101 chars];
```

"defaultAction" should be defined with the format
"defaultAction":{"type":"NONE"}

I am getting the error below when I try to create a wafv2 policy. Can you correct if this has been resolved for you? Thanks.

```
error updating FMS Policy (5c82a5d2-a5cc-445b-b992-9c97bb70580e): InvalidInputException: Error in the SecurityServiceData.ManagedServiceData at [Source: (String)"{"defaultAction":{"type":"ALLOW"},"loggingConfiguration":{"logDestinationConfigs":"arn:aws:s3:::aws-waf-logs-mag-fm"},"overrideCustomerWebACLAssociation":true,"postProcessRuleGroups":[],"preProcessRuleGroups":[{"managedRuleGroupIdentifier":{"managedRuleGroupName":"AWSManagedRulesPHPRuleSet","vendorName":"AWS","versionEnabled":true},"overrideAction":{"type":"NONE"},"ruleGroupArn":null,"ruleGroupType":"ManagedRuleGroup"},{"managedRuleGroupIdentifier":{"managedRuleGroupName":"AWSManagedRulesBotCont"[truncated 599 chars]; line: 1, column: 83]
```

```hcl
resource "aws_fms_policy" "waf_v2" {
  name                        = "mag-fm-policy-waf"
  delete_all_policy_resources = true
  exclude_resource_tags       = false
  remediation_enabled         = false
  resource_type_list          = ["AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::ApiGateway::Stage"]
  tags                        = merge(local.tags, var.tags_common)

  include_map {
    account = ["560159190649", "227474987426"]
  }

  security_service_policy_data {
    type = "WAFV2"
    managed_service_data = jsonencode({
      type = "WAFV2",
      preProcessRuleGroups = [
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS",
            managedRuleGroupName = "AWSManagedRulesPHPRuleSet",
            versionEnabled       = true
          },
          ruleGroupType = "ManagedRuleGroup",
          ruleGroupArn  = null,
          overrideAction = {
            type = "NONE"
          }
        },
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS",
            managedRuleGroupName = "AWSManagedRulesBotControlRuleSet",
            versionEnabled       = true
          },
          ruleGroupType = "ManagedRuleGroup",
          ruleGroupArn  = null,
          overrideAction = {
            type = "NONE"
          }
        },
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS",
            managedRuleGroupName = "AWSManagedRulesKnownBadInputsRuleSet",
            versionEnabled       = true
          },
          ruleGroupType = "ManagedRuleGroup",
          ruleGroupArn  = null,
          overrideAction = {
            type = "NONE"
          }
        },
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS",
            managedRuleGroupName = "AWSManagedRulesCommonRuleSet",
            versionEnabled       = true
          },
          ruleGroupType = "ManagedRuleGroup",
          ruleGroupArn  = null,
          overrideAction = {
            type = "NONE"
          }
        }
      ],
      postProcessRuleGroups             = [],
      overrideCustomerWebACLAssociation = true
      loggingConfiguration = {
        logDestinationConfigs = module.s3_bucket.s3_bucket_arn
      }
    })
  }
}
```
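A pre-flight check for the two payload shapes reported in this thread, as an added example that is not part of any post above. The payloads are constructed (shortened from the error messages, straight quotes), the function names `shape_errors` and `key_at_column` are hypothetical, and the shape rules are assumptions taken from the thread itself: `defaultAction` in the object form given in the reply, `logDestinationConfigs` as a list as in the first post's payload.

```python
import json

# Constructed from the two error messages in the thread: straight quotes,
# rule groups emptied. BAD_1 has the first post's shape, BAD_2 the later one's.
BAD_1 = ('{"defaultAction":"ALLOW","loggingConfiguration":{"logDestinationConfigs":'
         '["arn:aws:firehose:us-east-1:xxxxxxxxx:deliverystream/aws-waf-logs-global"]},'
         '"overrideCustomerWebACLAssociation":false,"postProcessRuleGroups":[],'
         '"preProcessRuleGroups":[]}')
BAD_2 = ('{"defaultAction":{"type":"ALLOW"},"loggingConfiguration":'
         '{"logDestinationConfigs":"arn:aws:s3:::aws-waf-logs-mag-fm"},'
         '"overrideCustomerWebACLAssociation":true,"postProcessRuleGroups":[],'
         '"preProcessRuleGroups":[]}')
# BAD_2 with the log destination wrapped in a list.
FIXED = BAD_2.replace('"arn:aws:s3:::aws-waf-logs-mag-fm"',
                      '["arn:aws:s3:::aws-waf-logs-mag-fm"]')


def shape_errors(payload: str) -> list[str]:
    """Return shape problems in a WAFV2 managed_service_data JSON string."""
    doc = json.loads(payload)
    errors = []
    action = doc.get("defaultAction")
    if not (isinstance(action, dict) and isinstance(action.get("type"), str)):
        errors.append('defaultAction must be an object such as {"type":"ALLOW"}')
    for key in ("preProcessRuleGroups", "postProcessRuleGroups"):
        if key in doc and not isinstance(doc[key], list):
            errors.append(f"{key} must be a list")
    logging_cfg = doc.get("loggingConfiguration")
    if logging_cfg is not None:  # logging is only checked when configured
        dests = logging_cfg.get("logDestinationConfigs") if isinstance(logging_cfg, dict) else None
        if not (isinstance(dests, list) and all(isinstance(d, str) for d in dests)):
            errors.append("loggingConfiguration.logDestinationConfigs must be a list of ARN strings")
    return errors


def key_at_column(payload: str, column: int) -> str:
    """Name the JSON key whose value starts at the 1-based column the API reported."""
    before = payload[:column - 1].rstrip()
    if not before.endswith(":"):
        return ""  # the column does not sit at the start of a value
    key_end = before.rfind('"', 0, len(before) - 1)   # closing quote of the key
    key_start = before.rfind('"', 0, key_end)         # opening quote of the key
    return before[key_start + 1:key_end]


if __name__ == "__main__":
    for name, doc in (("BAD_1", BAD_1), ("BAD_2", BAD_2), ("FIXED", FIXED)):
        print(name, shape_errors(doc) or "ok")
    print("column 83 of BAD_2 starts the value of:", key_at_column(BAD_2, 83))
```

In the Terraform from the last post, the `FIXED` shape corresponds to `logDestinationConfigs = [module.s3_bucket.s3_bucket_arn]`.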