chilly-photographer-60932
02/02/2019, 5:44 PM
waf rule in aws.
import * as aws from "@pulumi/aws";

// Builds a WAF rule that matches requests coming from the given CIDR block.
function wafRuleToAllowIpAddress(ipCIDRBlock: string, name: string) {
  // IP set containing the CIDR block to match.
  const aws_waf_ipset_ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [
      {
        type: "IPV4",
        value: ipCIDRBlock
      }
    ],
    name: "tfIPSet"
  });
  // Rule with a single IPMatch predicate referencing the IP set above.
  const aws_waf_rule_wafrule = new aws.waf.Rule(
    "wafrule",
    {
      metricName: "tfWAFRule",
      name: "tfWAFRule",
      predicates: [
        {
          dataId: aws_waf_ipset_ipset.id,
          negated: false,
          type: "IPMatch"
        }
      ]
    },
    { dependsOn: [aws_waf_ipset_ipset] }
  );
  return aws_waf_rule_wafrule;
}
This is to apply to the Cloudfront. But the issue is it is creating it in a region and the cloudfront is global.
error updating CloudFrontDistribution (asdasdasd): InvalidWebACLId: Web ACL is not accessible by the requester.
status code: 400, request id: 895bdefa-2710-11e9-9f38-5156e40a13f9
white-balloon-205
us-east-1 region? (You could create a new aws.Provider({ region: "us-east-1"}) to do this). Also notable that there are separate aws.waf and aws.wafregional resources. I would have thought the former was what you wanted here - but there may be subtle requirements of one or the other related to CloudFront?
Also possible there's just some other IAM issue here?
If you have a reduced repro I could try to take a look myself - though can't promise any particularly deep insights 🙂.
chilly-photographer-60932
02/05/2019, 2:36 PM