Hi there.
I am trying to provision an FMS policy to our one FMS admin account.
I have added the blocks below the policy to simplify the code. (using a module at this point is not as easy to test rapidly)
I am running into an issue when I try to apply. The error I get is:
>Creating Policy Failed: ValidationException: 1 validation error detected: Value ’ {
“type”: “WAFV2”,
“ruleGroups”:
[{
“arn”:“arn:aws:wafv2:xx-west-1:xxxxx:regional/rulegroup/rulegroupname/rulegrouparn”,
“overrideAction” : {
“type”: “COUNT”
}
}],
“defaultAction”:
{
“type”: ALLOW
},
“overrideCustomerWebACLAssociation”: false
}
’ at ‘policy.securityServicePolicyData.managedServiceData’ failed to satisfy constraint: Member must satisfy regular expression pattern: .*
status code: 400, request id: xxxxxxx
This isn’t very clear from what I can find in the documentation or the source code.
Is there a more complete WAFV2 example available?
My policy code is:
>resource "aws_fms_policy" "fms-policy" {
>  name = "${var.env_name}-${var.service}-Policy-${var.aws_region}"
>  exclude_resource_tags = false
>  resource_tags = var.resource_tags
>  remediation_enabled = var.remediate
>  resource_type_list = [var.resource_type]
>  include_map {
>    account = ["account_number"]
>  }
>
>  security_service_policy_data {
>    type = "WAFV2"
>
>    managed_service_data = <<EOF
>    {
>      "type": "WAFV2",
>      "ruleGroups":
>      [{
>        "arn":"${aws_wafv2_rule_group.rulegroup_name.arn}",
>        "overrideAction" : {
>          "type": "COUNT"
>        }
>      }],
>      "defaultAction":
>      {
>        "type": ALLOW
>      },
>      "overrideCustomerWebACLAssociation": false
>    }
>EOF
>  }
>}
Some values are hard coded for now for expediency.
Any help would be amazing.
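
A local pre-apply check for the `managed_service_data` heredoc, added here as an example and not part of the original post: it parses the string as JSON and reports the line where parsing stops. The ARN is a constructed placeholder, `check_managed_service_data` is a hypothetical helper, and the rule that the embedded `type` equals the block's `type` is an assumption taken from the post, where both are `WAFV2`.

```python
import json

# Constructed sample: the heredoc body from the post, with a placeholder ARN
# standing in for the interpolated rule group ARN.
POSTED = """{
  "type": "WAFV2",
  "ruleGroups": [{
    "arn": "arn:aws:wafv2:REGION:ACCOUNT:regional/rulegroup/NAME/ID",
    "overrideAction": {"type": "COUNT"}
  }],
  "defaultAction": {"type": ALLOW},
  "overrideCustomerWebACLAssociation": false
}"""

# Same body with the bare word turned into a JSON string.
QUOTED = POSTED.replace("ALLOW", '"ALLOW"')

# Typographic quotes that forum or word-processor rendering can introduce.
CURLY = "\u201c\u201d\u2018\u2019"


def check_managed_service_data(text, policy_type="WAFV2"):
    """Return a list of problems found in a managed_service_data string."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if any(ch in CURLY for ch in line):
            problems.append(f"line {lineno}: typographic quote, not a JSON quote")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as err:
        bad = text.splitlines()[err.lineno - 1].strip()
        problems.append(f"line {err.lineno} col {err.colno}: {err.msg}: {bad}")
        return problems
    if not isinstance(doc, dict):
        problems.append("top level is not a JSON object")
    elif doc.get("type") != policy_type:
        # Assumption: the embedded type mirrors the block's type, as in the post.
        problems.append(f'"type" is {doc.get("type")!r}, expected {policy_type!r}')
    return problems


if __name__ == "__main__":
    for label, body in (("posted", POSTED), ("quoted", QUOTED)):
        print(label, check_managed_service_data(body) or "parses as JSON")
```

On the posted body the check stops at the unquoted `ALLOW`, which JSON does not accept as a value.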