Can anyone explain me what does this error mean:
Error: List shorter than MinItems
?
I am getting this error when I am trying to deploy WAFv2:
Error: List shorter than MinItems
on ../../modules/WAFv2/waf.tf line 25, in resource "aws_wafv2_web_acl" "main":
25: resource "aws_wafv2_web_acl" "main" {
Attribute supports 1 item minimum, config has 0 declared
the resource code is taken from: terraform-aws-waf-webaclv2/main.tf at main · umotif-public/terraform-aws-waf-webaclv2 · GitHub
the module configuration:
module waf {
source = "../../modules/WAFv2"
name_prefix = "WAFv2"
allow_default_action = true
region = var.region
aws-account-id = var.aws-account-id
log_destination_configs = [module.waf.aws_kinesis_firehose_delivery_stream]
firehose-stream-bucket-name = var.firehose-stream-bucket-name
redacted_fields = [
{
single_header = {
name = "user-agent"
}
}
]
logging_filter = {
default_behavior = "DROP"
filter = [
{
behavior = "KEEP"
requirement = "MEETS_ANY"
condition = [
{
action_condition = {
action = "ALLOW"
}
},
]
},
{
behavior = "KEEP"
requirement = "MEETS_ALL"
condition = [
{
action_condition = {
action = "COUNT"
}
}
]
}
]
}
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "WAFv2-main-metrics"
sampled_requests_enabled = true
}
rules = [
{
name = "AWSManagedRulesCommonRuleSet-rule-1"
priority = "10"
override_action = "count"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "AWSManagedRulesCommonRuleSet-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement = {
name = "AWSManagedRulesCommonRuleSet"
vendor_name = "AWS"
excluded_rule = [
"GenericRFI_QUERYARGUMENTS"
]
}
},
{
name = "AWSManagedRulesKnownBadInputsRuleSet-rule-2"
priority = "15"
override_action = "count"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "AWSManagedRulesKnownBadInputsRuleSet-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement = {
name = "AWSManagedRulesKnownBadInputsRuleSet"
vendor_name = "AWS"
}
},
{
name = "AWSManagedRulesSQLiRuleSet-rule-3"
priority = "5"
override_action = "count"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "AWSManagedRulesSQLiRuleSet-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement = {
name = "AWSManagedRulesSQLiRuleSet"
vendor_name = "AWS"
}
},
{
name = "AWSManagedRulesLinuxRuleSet-rule-4"
priority = "20"
override_action = "count"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "AWSManagedRulesLinuxRuleSet-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement = {
name = "AWSManagedRulesLinuxRuleSet"
vendor_name = "AWS"
}
},
{
name = "AWSManagedRulesAmazonIpReputationList-rule-5"
priority = "25"
override_action = "count"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "AWSManagedRulesAmazonIpReputationList-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement = {
name = "AWSManagedRulesAmazonIpReputationList"
vendor_name = "AWS"
}
},
{
name = "AWSManagedRulesBotControlRuleSet-rule-5"
priority = "30"
override_action = "count"
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "AWSManagedRulesBotControlRuleSet-metric"
sampled_requests_enabled = true
}
managed_rule_group_statement = {
name = "AWSManagedRulesBotControlRuleSet"
vendor_name = "AWS"
excluded_rule = [
"CategoryHttpLibrary",
"SignalNonBrowserUserAgent"
]
}
},
{
name = "ip-rate-limit"
priority = "35"
action = "count"
rate_based_statement = {
limit = "500"
aggregate_key_type = "IP"
}
visibility_config = {
cloudwatch_metrics_enabled = false
sampled_requests_enabled = true
}
},
{
name = "block_country_codes"
priority = "40"
action = "block"
geo_match_statement = {
country_codes = []
}
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = "block_country_codes-metric"
sampled_requests_enabled = true
}
},
{
name = "whitelisted-ip-set"
priority = "60"
action = "allow"
ip_set_reference_statement = {
arn = module.waf.whitelisted_ip_set
}
visibility_config = {
cloudwatch_metrics_enabled = false
sampled_requests_enabled = true
}
},
{
name = "blacklisted-ip-set"
priority = "50"
action = "block"
ip_set_reference_statement = {
arn = module.waf.blacklisted_ip_set
}
visibility_config = {
cloudwatch_metrics_enabled = false
metric_name = join("", [var.tags.Environment, "-ip-set-block-metrics"])
sampled_requests_enabled = true
}
}
]
tags = var.tags
}