This repository has been archived by the owner on Jun 2, 2021. It is now read-only.

Error while creating cloudformation stack : waf-reactive-blacklist . Lambda function creation is failing as it is unable to find key in bucket "heitorc". #21

Open
ppm-vinay opened this issue May 16, 2017 · 4 comments

Comments

@ppm-vinay

The following code is creating a problem in waf-reactive-blacklist:

```json
"Code": {
    "S3Bucket": {"Fn::Join": [".", [{ "Ref" : "AWS::Region" },"heitorc"]]},
    "S3Key": "waf-reactive-blacklist/parser.zip"
},
```

The above code in CloudFormation results in a BucketNotFound error, while I tested with the Python API and was able to fetch the file.

```python
import boto3

# Fetch the Lambda package directly from the bucket named 'heitorc'
s3 = boto3.resource('s3')
obj = s3.Object('heitorc','waf-reactive-blacklist/parser.zip')
obj.get()['Body'].read().decode('utf-8')
```

So the bucket name formed is somehow wrong in CloudFormation and needs to be updated correctly.

@hvital
Contributor

hvital commented May 16, 2017

Hi,

I'll update this reference in CloudFormation to keep this solution working, but if you need this ASAP, I recommend checking this solution: https://aws.amazon.com/answers/security/aws-waf-security-automations/

This is where I'm keeping the most updated and complete version of the solution.

Regards,

Heitor

@jmilliron

FYI; I got a permission denied for the above (using us-east-1). Ended up just downloading waf-reactive-blacklist/parser.zip from this repo, uploading it to one of my own buckets and then updating the template with the new location.

@towwei

towwei commented Jun 1, 2017

Updated: just need to edit template.json line 264 to:

```json
"Code": {
    "S3Bucket": "yourbucketname",
    "S3Key": "waf-reactive-blacklist/parser.zip"
},
```

@jmilliron which part of the template did you update to use your own bucket location? I tried changing the key for "S3Bucket" but it's still failing with the error below.

error occurred while GetObject. S3 Error Code: NoSuchBucket. S3 Error Message: The specified bucket does not exist

@nprajilesh

I copied the waf-reactive-blacklist/parser.zip to my S3 bucket and updated the template. It worked.

```json
"Code": {
    "S3Bucket":"bucketname",
    "S3Key": "key to zip file"
}
```
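An added example, not part of the thread or the project's code: a small offline check that resolves the `Fn::Join` / `Ref AWS::Region` expression quoted in the issue to the bucket name CloudFormation will actually request, and flags Lambda packages fetched from a bucket you do not control. The resource name `LambdaWAFParser` and the bucket `my-artifacts` are hypothetical, and only these two intrinsics are handled.

```python
# Constructed sample: the "Code" block quoted in the issue, wrapped in a
# minimal template. The resource name "LambdaWAFParser" is hypothetical.
TEMPLATE = {"Resources": {"LambdaWAFParser": {
    "Type": "AWS::Lambda::Function",
    "Properties": {"Code": {
        "S3Bucket": {"Fn::Join": [".", [{"Ref": "AWS::Region"}, "heitorc"]]},
        "S3Key": "waf-reactive-blacklist/parser.zip",
    }},
}}}


def resolve(value, region):
    """Resolve the two intrinsics used here: Ref AWS::Region and Fn::Join."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and len(value) == 1:
        if value.get("Ref") == "AWS::Region":
            return region
        if "Fn::Join" in value:
            sep, parts = value["Fn::Join"]
            return sep.join(resolve(p, region) for p in parts)
    raise ValueError(f"unsupported intrinsic: {value!r}")


def lambda_code_sources(template, region, owned_buckets):
    """Return (resource, bucket, key, owned) for each S3-backed Lambda function."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Lambda::Function":
            continue
        code = res.get("Properties", {}).get("Code", {})
        if "S3Bucket" not in code:
            continue  # inline ZipFile code, nothing is fetched from S3
        bucket = resolve(code["S3Bucket"], region)
        key = resolve(code["S3Key"], region)
        findings.append((name, bucket, key, bucket in owned_buckets))
    return findings


if __name__ == "__main__":
    # "my-artifacts" is a hypothetical bucket in the deploying account.
    for name, bucket, key, owned in lambda_code_sources(
            TEMPLATE, "us-east-1", {"my-artifacts"}):
        status = "owned" if owned else "EXTERNAL"
        print(f"{name}: s3://{bucket}/{key} [{status}]")
```

For the quoted template the resolved bucket is the region joined to `heitorc` with a dot, which is a different name from the bare `heitorc` bucket used in the boto3 test.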
