# aws
s
This message was deleted.
c
you could try to import it to see what the generated code looks like.
s
Okay, thanks, I'll see if I can do that. I wasn't aware that an import would generate the Pulumi code.
c
I've only been using Pulumi for a few weeks but usually I will search their blog as sometimes there are buried articles that are great, run an import to see the generated code, and look at the source code which has helpful comments.
s
Yeah, I was under the impression that an import just imported the resource into the stack. I wasn't aware that it would spit out the code too, very handy! Thanks very much, it worked and there was no way I would have worked out the code on my own 😄
I deleted my previous findings on this because the import seemed to work and would deploy over the existing resource, but the import was not translating everything to code. It seemed to be missing the default rule actions, so if you copied the code to deploy a similar resource, it would fail. I eventually got it to work using the aws-native package instead, using:
```bash
pulumi import aws-native:wafv2:WebACL imported-sandbox3-wafv2 "sandbox3-test-native|f57sds2b-9770-493d-9d23-dcd76werf08f1|REGIONAL"
```
This correctly imported and translated it (I added a default block action and a count to one rule just to test):
```python
import pulumi_aws_native as aws_native

# env_name is defined elsewhere in the program (environment name prefix).
kv_web_acl = aws_native.wafv2.WebACL(env_name + "-waf-alb",
    # Default action: block anything no rule explicitly allows.
    default_action=aws_native.wafv2.WebACLDefaultActionArgs(
        block=aws_native.wafv2.WebACLBlockActionArgs(),
    ),
    description="waf for alb deployed via pulumi",
    name=f"{env_name}-waf-alb",
    rules=[aws_native.wafv2.WebACLRuleArgs(
        name="AWS-AWSManagedRulesCommonRuleSet",
        # Keep the managed rule group's own actions (no group-level override).
        override_action=aws_native.wafv2.WebACLOverrideActionArgs(
            none={},
        ),
        priority=0,
        rule_labels=[],
        statement=aws_native.wafv2.WebACLStatementArgs(
            managed_rule_group_statement=aws_native.wafv2.WebACLManagedRuleGroupStatementArgs(
                excluded_rules=[],
                managed_rule_group_configs=[],
                name="AWSManagedRulesCommonRuleSet",
                # Set one rule in the group to count instead of its default action.
                rule_action_overrides=[aws_native.wafv2.WebACLRuleActionOverrideArgs(
                    action_to_use=aws_native.wafv2.WebACLRuleActionArgs(
                        count=aws_native.wafv2.WebACLCountActionArgs(),
                    ),
                    name="SizeRestrictions_BODY",
                )],
                vendor_name="AWS",
            ),
        ),
        visibility_config=aws_native.wafv2.WebACLVisibilityConfigArgs(
            cloud_watch_metrics_enabled=True,
            metric_name="AWS-AWSManagedRulesCommonRuleSet",
            sampled_requests_enabled=True,
        ),
    )],
    scope=aws_native.wafv2.WebACLScope.REGIONAL,
    visibility_config=aws_native.wafv2.WebACLVisibilityConfigArgs(
        cloud_watch_metrics_enabled=True,
        metric_name=f"{env_name}-waf-alb",
        sampled_requests_enabled=True,
    )
)
```
Because the web ACL association to an ALB takes longer than 5 minutes, I had to tweak the timeout to 15 mins. I used AWS Classic for this but I'm sure it would work with aws-native too:
```python
import pulumi
from pulumi_aws import wafv2

web_acl_assoc = wafv2.WebAclAssociation(
    env_name + "-web-acl-alb-assoc",
    resource_arn="<alb-arn>",  # placeholder: replace with the ARN of the ALB
    web_acl_arn=kv_web_acl.arn,
    # Raise the create timeout to 15 minutes for the slow association.
    opts=pulumi.ResourceOptions(custom_timeouts=pulumi.CustomTimeouts(create='15m'))
)
```