I am getting the error below when I try to create a WAFv2 policy. Can you confirm whether this has been resolved for you? Thanks.
error updating FMS Policy (5c82a5d2-a5cc-445b-b992-9c97bb70580e): InvalidInputException: Error in the SecurityServiceData.ManagedServiceData at [Source: (String)"{“defaultAction”:{“type”:“ALLOW”},“loggingConfiguration”:{“logDestinationConfigs”:“arn:aws:s3:::aws-waf-logs-mag-fm”},“overrideCustomerWebACLAssociation”:true,“postProcessRuleGroups”:,“preProcessRuleGroups”:[{“managedRuleGroupIdentifier”:{“managedRuleGroupName”:“AWSManagedRulesPHPRuleSet”,“vendorName”:“AWS”,“versionEnabled”:true},“overrideAction”:{“type”:“NONE”},“ruleGroupArn”:null,“ruleGroupType”:“ManagedRuleGroup”},{“managedRuleGroupIdentifier”:{“managedRuleGroupName”:“AWSManagedRulesBotCont”[truncated 599 chars]; line: 1, column: 83]
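# Firewall Manager (FMS) policy that defines a WAFv2 web ACL for Application
# Load Balancers and API Gateway stages in the listed member accounts.
#
# Changes from the snippet as posted:
#   * typographic quotes replaced with ASCII quotes (HCL does not parse the former)
#   * postProcessRuleGroups restored to an empty list (the brackets had been lost)
#   * logDestinationConfigs wrapped in a list: the InvalidInputException points at
#     line 1, column 83, which is the first character of that value in the encoded
#     JSON, where the service expects an array rather than a string
#   * defaultAction added, matching the payload quoted in the error message
resource "aws_fms_policy" "waf_v2" {
  name = "mag-fm-policy-waf"

  # When the policy is deleted, FMS also removes the protections it created,
  # so a `terraform destroy` leaves the in-scope resources without this web ACL.
  delete_all_policy_resources = true
  exclude_resource_tags       = false

  # false = audit only: non-compliant resources are reported but the web ACL is
  # not associated with them. Nothing is enforced until this is set to true.
  remediation_enabled = false

  resource_type_list = ["AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::ApiGateway::Stage"]
  tags               = merge(local.tags, var.tags_common)

  # Policy scope: only these member accounts.
  include_map {
    account = ["560159190649", "227474987426"]
  }

  security_service_policy_data {
    type = "WAFV2"

    managed_service_data = jsonencode({
      type = "WAFV2"

      # Requests that match no rule are allowed through.
      defaultAction = {
        type = "ALLOW"
      }

      # NOTE(review): every group sets versionEnabled = true without a `version`
      # value. Confirm which managed rule group version FMS applies in that case.
      # overrideAction NONE keeps each rule's own action instead of forcing COUNT.
      preProcessRuleGroups = [
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS"
            managedRuleGroupName = "AWSManagedRulesPHPRuleSet"
            versionEnabled       = true
          }
          ruleGroupType  = "ManagedRuleGroup"
          ruleGroupArn   = null
          overrideAction = { type = "NONE" }
        },
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS"
            managedRuleGroupName = "AWSManagedRulesBotControlRuleSet"
            versionEnabled       = true
          }
          ruleGroupType  = "ManagedRuleGroup"
          ruleGroupArn   = null
          overrideAction = { type = "NONE" }
        },
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS"
            managedRuleGroupName = "AWSManagedRulesKnownBadInputsRuleSet"
            versionEnabled       = true
          }
          ruleGroupType  = "ManagedRuleGroup"
          ruleGroupArn   = null
          overrideAction = { type = "NONE" }
        },
        {
          managedRuleGroupIdentifier = {
            vendorName           = "AWS"
            managedRuleGroupName = "AWSManagedRulesCommonRuleSet"
            versionEnabled       = true
          }
          ruleGroupType  = "ManagedRuleGroup"
          ruleGroupArn   = null
          overrideAction = { type = "NONE" }
        }
      ]

      # Must be present as a list, even when empty.
      postProcessRuleGroups = []

      # true lets FMS replace a web ACL that an account owner has already
      # associated with an in-scope resource. Review existing associations
      # before enabling remediation, since their rules stop applying.
      overrideCustomerWebACLAssociation = true

      loggingConfiguration = {
        # Must be a list of destination ARNs, not a bare string. WAF only accepts
        # S3 log buckets whose name starts with "aws-waf-logs-".
        # NOTE(review): confirm the FMS API in use accepts an S3 destination here.
        logDestinationConfigs = [module.s3_bucket.s3_bucket_arn]
      }
    })
  }
}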