Error on rate_based_statement, to ignore internal IPs and apply rate limit on all other IPs.
I am trying to ignore rate limiting for internal IPs but apply rate limiting to all other IPs.
I have the following:
```hcl
resource "aws_waf_ipset" "internal_ipset" {
  name = "Internal-IPSet"
  ip_set_descriptors {
    type  = "IPV4"
    value = "10.0.0.0/16"
  }
}

rule {
  name     = "rule-name"
  priority = 6
  action {
    block {}
  }
  visibility_config {
    sampled_requests_enabled   = true
    cloudwatch_metrics_enabled = true
    metric_name                = "waf_name"
  }
  statement {
    rate_based_statement {
      limit              = 500
      aggregate_key_type = "IP"
      not_statement {
        statement {
          ip_set_reference_statement {
            arn = aws_wafv2_ip_set.internal_ipset.arn
          }
        }
      }
    }
  }
}
```
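
One way to express this in WAFv2, as an added example that is not part of the original post: `rate_based_statement` accepts its filter inside a `scope_down_statement` block, and the `arn` reference only resolves against an `aws_wafv2_ip_set` resource. The `aws_wafv2_web_acl` name, the `REGIONAL` scope and the allow default action are assumptions.

```hcl
# Added example; the web ACL name, scope and default action are assumptions.
resource "aws_wafv2_ip_set" "internal_ipset" {
  name               = "Internal-IPSet"
  scope              = "REGIONAL" # assumption: "CLOUDFRONT" for CloudFront distributions
  ip_address_version = "IPV4"
  addresses          = ["10.0.0.0/16"]
}

resource "aws_wafv2_web_acl" "example" {
  name  = "example-acl"
  scope = "REGIONAL"
  default_action {
    allow {}
  }
  rule {
    name     = "rule-name"
    priority = 6
    action {
      block {}
    }
    statement {
      rate_based_statement {
        limit              = 500
        aggregate_key_type = "IP"
        # Only requests matching the scope-down statement are counted,
        # so NOT(internal IP set) leaves internal sources unmetered.
        scope_down_statement {
          not_statement {
            statement {
              ip_set_reference_statement {
                arn = aws_wafv2_ip_set.internal_ipset.arn
              }
            }
          }
        }
      }
    }
    visibility_config {
      sampled_requests_enabled   = true
      cloudwatch_metrics_enabled = true
      metric_name                = "waf_name"
    }
  }
  visibility_config {
    sampled_requests_enabled   = true
    cloudwatch_metrics_enabled = true
    metric_name                = "example-acl"
  }
}
```

`terraform validate` checks the block nesting before anything is applied.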