https://pulumi.com logo
Title
a

abundant-appointment-96790

09/20/2020, 6:36 PM
I’m trying to create a WAFv2 association for rate limiting and I’m getting a confusing error:
WAFInvalidParameterException: Error reason: Your statement has multiple values set for a field that requires exactly one value., field: RULE, parameter: Rule
Here’s my code:
const exampleWebAcl = new aws.wafv2.WebAcl("exampleWebAcl", {
  scope: "REGIONAL",
  defaultAction: {
    allow: {},
  },
  visibilityConfig: {
    cloudwatchMetricsEnabled: true,
    metricName: `${stackEnv}-waf-metric`,
    sampledRequestsEnabled: true,
  },
  rules: [
    {
      name: "metric-based",
      priority: 0,
      statement: {
        rateBasedStatement: {
          aggregateKeyType: "IP",
          limit: 100,
        }
      },
      visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: `${stackEnv}-waf-rate`,
        sampledRequestsEnabled: true,
      }
    }
  ]
});
const exampleWebAclAssociation = new aws.wafv2.WebAclAssociation("exampleWebAclAssociation", {
  resourceArn: loadBalancer.loadBalancer.arn,
  webAclArn: exampleWebAcl.arn,
});
Any idea?
s

strong-plastic-28250

09/20/2020, 8:17 PM
It looks correct, the only thing that would make sense as I ran into similar with ListenerRules and conditions, is the [] indicates an array, remote the brackets and see what the outcome is.
a

abundant-appointment-96790

09/20/2020, 9:10 PM
The typescript definition expects an array - it won’t compile if you remove the brackets:
rules?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclRule>[]>
g

gentle-diamond-70147

09/21/2020, 3:26 PM
From my googling, I think you need to set one of
action
or
overrideAction
for your rule. Unfortunately it seems this is a poor error message from AWS.
a

abundant-appointment-96790

09/21/2020, 4:49 PM
Thank you - AWS UX isn’t known to be the best…! That’s exactly what I needed! I think the Pulumi doc could be improved as well (it wasn’t clear that either parameters was required)
👍 1