Hello,
I am working on an update for an AWS WAFv2. Regarding the managed_rule_group_statement now we have a new option named rule_action_override to replace the deprecated option excluded_rule.
WAF Module
dynamic "managed_rule_group_statement" {
for_each = lookup(rule.value, "managed_rule_group_statement", null) == null ? [] : [lookup(rule.value, "managed_rule_group_statement")]
content {
name = lookup(managed_rule_group_statement.value, "name")
vendor_name = lookup(managed_rule_group_statement.value, "vendor_name", "AWS")
/*
dynamic "excluded_rule" {
for_each = lookup(managed_rule_group_statement.value, "excluded_rule", null) == null ? [] : [lookup(managed_rule_group_statement.value, "excluded_rule")]
content {
name = excluded_rule.value
}
}*/
dynamic "rule_action_override" {
for_each = lookup(managed_rule_group_statement.value, "rule_action_override", null) == null ? []:[lookup(managed_rule_group_statement.value, "rule_action_override")]
content {
name = lookup(rule_action_override.value,"name")
dynamic "action_to_use" {
for_each = [lookup(rule_action_override.value,"action_to_use")]
content {
dynamic "count" {
for_each = lookup(action_to_use.value,"count", null) == null ? []:[lookup(action_to_use.value,"count")]
content {}
}
}
}
}
}
}
}
Example
{
name = "AWSManagedRulesCommonRuleSet"
priority = 2
override_action = "none"
managed_rule_group_statement = {
name = "AWSManagedRulesCommonRuleSet"
vendor_name = "AWS"
rule_action_override = [
{
name = "SizeRestrictions_BODY"
action_to_use = {
count = {}
}
},
{
name = "CrossSiteScripting_BODY"
action_to_use = {
count = {}
}
}
]
#excluded_rule = ["CrossSiteScripting_BODY", "SizeRestrictions_BODY"]
}
Error
Error: Insufficient action_to_use blocks
│
│ on ..\..\Infrastructure.TFModule.AWS_WAF\main.tf line 571, in resource "aws_wafv2_web_acl" "main_waf":
│ 571: content {
│
│ At least 1 "action_to_use" blocks are required.
╵
╷
│ Error: Invalid function argument
│
│ on ..\..\Infrastructure.TFModule.AWS_WAF\main.tf line 572, in resource "aws_wafv2_web_acl" "main_waf":
│ 572: name = lookup(rule_action_override.value,"name")
│ ├────────────────
│ │ rule_action_override.value is tuple with 2 elements
│
│ Invalid value for "inputMap" parameter: lookup() requires a map as the first argument.
╵
╷
│ Error: Invalid function argument
│
│ on ..\..\Infrastructure.TFModule.AWS_WAF\main.tf line 574, in resource "aws_wafv2_web_acl" "main_waf":
│ 574: for_each = [lookup(rule_action_override.value,"action_to_use")]
│ ├────────────────
│ │ rule_action_override.value is tuple with 2 elements
│
│ Invalid value for "inputMap" parameter: lookup() requires a map as the first argument.
Somebody knows why I have this error, I am not sure what is happening.
Thank you for your support.