I am not able to create a WAF IP set ACL with TF 0.12.24 and am encountering the issue below.
Terraform Version
0.12.24
Terraform Configuration Files
provider "aws" {
  region  = "us-east-2"
  version = "2.58"
}

resource "aws_waf_ipset" "pwipset" {
  name = "pw_ipset"

  ip_set_descriptors {
    type  = "IPV4"
    value = "205.206.20.177/32"
  }

  ip_set_descriptors {
    type  = "IPV4"
    value = "66.244.232.254/32"
  }
}

resource "aws_waf_rule" "ip_match_rule" {
  depends_on  = [aws_waf_ipset.pwipset]
  name        = "edvrwafrule"
  metric_name = "edvrwafrule"

  predicates {
    data_id = "aws_waf_ipset.pwipset.id"
    negated = false
    type    = "IPMatch"
  }
}

resource "aws_waf_web_acl" "edvr_wafacl" {
  depends_on  = [aws_waf_ipset.pwipset, aws_waf_rule.ip_match_rule]
  name        = "edvrwafacl"
  metric_name = "edvrwafacl"

  default_action {
    type = "BLOCK"
  }

  rules {
    action {
      type = "BLOCK"
    }

    priority = 1
    rule_id  = "aws_waf_rule.edvrwafrule.id"
    type     = "REGULAR"
  }
}
Expected Behavior
TF should create a web ACL with the IP match filtering enabled.
Actual Behavior
TF apply is failing with the following error message:
Error: Error Updating WAF Rule: Error Updating WAF Rule: WAFNonexistentItemException: The referenced item does not exist.
on waf_ipmatch.tf line 14, in resource "aws_waf_rule" "ip_match_rule":
14: resource "aws_waf_rule" "ip_match_rule" {
Steps to Reproduce
- Save the above tf config in a file, run terraform init and terraform plan.
- Once terraform initialization and plan is successful, run terraform apply and it should fail with the above error.
- The same tf config just works fine with TF 0.11.14, after changing its interpolation syntax.
Additional Context
I am running plain terraform without any wrapper script.
I have tried with two versions of TF 12 (v0.12.21 and 0.12.24) and they are failing with the same error at plan level.
I have used the same TF config after making interpolation changes with TF v0.11.14 and it did create AWS WAF without any issues.
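
Added example, not part of the original report or of Terraform: in Terraform 0.12 a quoted value such as "aws_waf_ipset.pwipset.id" with no ${...} around it is a literal string, not a reference, so that text itself is sent to WAF as the ID. This Python check flags such values and reports whether the resource they name is declared; the function name and the trimmed sample configuration are assumptions made for the example.

```python
import re

# Constructed sample: the report's resources, trimmed to the relevant attributes.
SAMPLE_TF = '''
resource "aws_waf_ipset" "pwipset" {
  name = "pw_ipset"
}
resource "aws_waf_rule" "ip_match_rule" {
  name = "edvrwafrule"
  predicates {
    data_id = "aws_waf_ipset.pwipset.id"
  }
}
resource "aws_waf_web_acl" "edvr_wafacl" {
  name = "edvrwafacl"
  rules {
    rule_id  = "aws_waf_rule.edvrwafrule.id"
  }
}
'''

# resource "<type>" "<name>" declarations
RESOURCE_RE = re.compile(r'^[ \t]*resource[ \t]+"([^"]+)"[ \t]+"([^"]+)"', re.M)
# attr = "<provider>_<type>.<name>.<field>" with no ${...}: a plain string in 0.12
QUOTED_REF_RE = re.compile(
    r'^[ \t]*(\w+)[ \t]*=[ \t]*"([a-z][a-z0-9]*_[a-z0-9_]+)\.([\w-]+)\.(\w+)"[ \t]*$',
    re.M,
)

def find_quoted_references(tf_source):
    """Return one finding per attribute whose string value looks like a reference."""
    declared = set(RESOURCE_RE.findall(tf_source))
    findings = []
    for m in QUOTED_REF_RE.finditer(tf_source):
        attr, rtype, rname, field = m.groups()
        findings.append({
            "line": tf_source.count("\n", 0, m.start(1)) + 1,
            "attribute": attr,
            "reference": f"{rtype}.{rname}.{field}",
            # False means the reference would still fail once unquoted
            "declared": (rtype, rname) in declared,
        })
    return findings

if __name__ == "__main__":
    for f in find_quoted_references(SAMPLE_TF):
        status = "declared" if f["declared"] else "NOT declared"
        print(f'line {f["line"]}: {f["attribute"]} is a literal string; target is {status}')
```

On the sample, data_id names a declared resource and only needs its quotes removed, while rule_id names aws_waf_rule.edvrwafrule, which is the rule's name attribute rather than its resource label ip_match_rule.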