【发布时间】:2021-10-02 06:11:57
【问题描述】:
我想创建一个 Cloudfront 范围的 AWS WAFv2 Web acl。我正在使用 AWS 托管规则。对于托管规则组中的某些规则,我有一个范围下降语句。我从 AWS 得到的 json 如下:
{
"Name": "AWS-AWSManagedRulesAdminProtectionRuleSet",
"Priority": 0,
"Statement": {
"ManagedRuleGroupStatement": {
"VendorName": "AWS",
"Name": "AWSManagedRulesAdminProtectionRuleSet",
"ScopeDownStatement": {
"ByteMatchStatement": {
"SearchString": "abc",
"FieldToMatch": {
"UriPath": {}
},
"TextTransformations": [
{
"Priority": 0,
"Type": "NONE"
}
],
"PositionalConstraint": "CONTAINS_WORD"
}
}
}
},
"OverrideAction": {
"Count": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "AWS-AWSManagedRulesAdminProtectionRuleSet"
}
}
AWS 文档 here 说,在托管规则组语句中允许使用范围缩小语句。然而,当我阅读 Terraform 文档here 时,我们没有任何关于范围缩小语句的选项。当我尝试创建如下规则时,它通过了 terraform 验证,但是当我应用它时,我收到一个 AWS 错误,提示我添加了两个语句,其中一个是必需的。这非常令人困惑。有没有办法我可以做到这一点,如果是的话如何?任何帮助将不胜感激。
rule {
name = "AWS-AWSManagedRulesAdminProtectionRuleSet"
priority = 0
override_action {
count {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesAdminProtectionRuleSet"
vendor_name = "AWS"
} {
byte_match_statement {
field_to_match {
uri_path {}
}
search_string = "abc"
text_transformation {
priority = 0
type = "NONE"
}
positional_constraint = "CONTAINS_WORD"
}
}
visibility_config {
sampled_requests_enabled = true
metric_name = "AWS-AWSManagedRulesAdminProtectionRuleSet"
cloudwatch_metrics_enabled = true
}
}
【问题讨论】:
标签: amazon-web-services terraform amazon-waf