# aws
a
I’m trying to create a WAFv2 association for rate limiting and I’m getting a confusing error:
WAFInvalidParameterException: Error reason: Your statement has multiple values set for a field that requires exactly one value., field: RULE, parameter: Rule
Here’s my code:
```typescript
const exampleWebAcl = new aws.wafv2.WebAcl("exampleWebAcl", {
  scope: "REGIONAL",
  defaultAction: {
    allow: {},
  },
  visibilityConfig: {
    cloudwatchMetricsEnabled: true,
    metricName: `${stackEnv}-waf-metric`,
    sampledRequestsEnabled: true,
  },
  rules: [
    {
      name: "metric-based",
      priority: 0,
      statement: {
        rateBasedStatement: {
          aggregateKeyType: "IP",
          limit: 100,
        }
      },
      visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: `${stackEnv}-waf-rate`,
        sampledRequestsEnabled: true,
      }
    }
  ]
});
const exampleWebAclAssociation = new aws.wafv2.WebAclAssociation("exampleWebAclAssociation", {
  resourceArn: loadBalancer.loadBalancer.arn,
  webAclArn: exampleWebAcl.arn,
});
```
Any idea?
s
It looks correct, the only thing that would make sense as I ran into similar with ListenerRules and conditions, is the [] indicates an array, remove the brackets and see what the outcome is.
a
The typescript definition expects an array - it won’t compile if you remove the brackets:
```typescript
rules?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRule>[]>
```
g
From my googling, I think you need to set one of `action` or `overrideAction` for your rule. Unfortunately it seems this is a poor error message from AWS.
a
Thank you - AWS UX isn’t known to be the best…! That’s exactly what I needed! I think the Pulumi doc could be improved as well (it wasn’t clear that either parameter was required)
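Added example, not part of the original thread and not Pulumi or AWS code: a check that can run over WebACL rule objects before deployment to catch the missing `action` / `overrideAction` that the thread identifies as the cause of the error. The `RuleLike` type, `checkRuleActions`, and the sample rules are constructed for illustration, and `block` as the rate-limit action is an assumption.

```typescript
// Hypothetical minimal rule shape: only the fields this check reads.
interface RuleLike {
  name: string;
  statement: Record<string, unknown>;
  action?: Record<string, unknown>;         // e.g. { block: {} } or { count: {} }
  overrideAction?: Record<string, unknown>; // e.g. { none: {} }
}

// Rule-group statements take overrideAction; every other statement takes action.
const GROUP_STATEMENTS = ["managedRuleGroupStatement", "ruleGroupReferenceStatement"];

// Returns one message per rule that breaks the action/overrideAction requirement.
function checkRuleActions(rules: RuleLike[]): string[] {
  const problems: string[] = [];
  for (const rule of rules) {
    const isGroup = GROUP_STATEMENTS.some((key) => key in rule.statement);
    const wanted = isGroup ? "overrideAction" : "action";
    const hasAction = rule.action !== undefined;
    const hasOverride = rule.overrideAction !== undefined;
    if (!hasAction && !hasOverride) {
      problems.push(`${rule.name}: missing ${wanted}`);
    } else if (hasAction && hasOverride) {
      problems.push(`${rule.name}: set ${wanted} only, not both`);
    } else if (isGroup !== hasOverride) {
      problems.push(`${rule.name}: use ${wanted} for this statement type`);
    } else if (Object.keys(rule.action ?? rule.overrideAction ?? {}).length !== 1) {
      problems.push(`${rule.name}: ${wanted} needs exactly one setting`);
    }
  }
  return problems;
}

// Constructed samples: the rule as posted, the same rule with an action, a managed group.
const asPosted: RuleLike = {
  name: "metric-based",
  statement: { rateBasedStatement: { aggregateKeyType: "IP", limit: 100 } },
};
const withAction: RuleLike = { ...asPosted, action: { block: {} } }; // block is an assumption
const managedGroup: RuleLike = {
  name: "managed-common",
  statement: { managedRuleGroupStatement: { vendorName: "AWS", name: "AWSManagedRulesCommonRuleSet" } },
  overrideAction: { none: {} },
};

const report = checkRuleActions([asPosted, withAction, managedGroup]);
// report → ["metric-based: missing action"]
```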