rule_action_override doesn't work with AWS provider 5.9.0 #53

Open
folleymcklaukyn opened this issue Sep 18, 2023 · 0 comments
Labels
bug 🐛 An issue with the system

Describe the Bug

Hi,
I was working with the module at the time, and I added an override rule to the managed_rule_group_statement_rules section. However, after executing the terraform plan, I received the following message:

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Unsupported block type
│
│   on .terraform/modules/waf/rules.tf line 568, in resource "aws_wafv2_web_acl" "default":
│  568:                   dynamic "challenge" {
│
│ Blocks of type "challenge" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on .terraform/modules/waf/rules.tf line 568, in resource "aws_wafv2_web_acl" "default":
│  568:                   dynamic "challenge" {
│
│ Blocks of type "challenge" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on .terraform/modules/waf/rules.tf line 568, in resource "aws_wafv2_web_acl" "default":
│  568:                   dynamic "challenge" {
│
│ Blocks of type "challenge" are not expected here.
╵

This behavior is observed with AWS provider version 5.9.0. It works if the provider version is updated to 5.13.0 or 5.17.0.

Expected Behavior

A plan containing all of the resources to be generated is displayed.

Steps to Reproduce

  1. Create a terraform script with the rule and the override.
module "waf" {
  source  = "cloudposse/waf/aws"
  version = "1.2.0"

  visibility_config = {
    cloudwatch_metrics_enabled = false
    metric_name                = "default-rules"
    sampled_requests_enabled   = false
  }

  managed_rule_group_statement_rules = [
    {
      name     = "AWS-AWSManagedRulesAmazonIpReputationList"
      priority = 1

      statement = {
        name        = "AWSManagedRulesAmazonIpReputationList"
        vendor_name = "AWS"

        rule_action_override = {
          AWSManagedIPReputationList = {
            action                  = "count"
          }
          AWSManagedReconnaissanceList = {
            action                  = "count"
          }
          AWSManagedIPDDoSList = {
            action                  = "count"
          }
        }
      }

      visibility_config = {
        cloudwatch_metrics_enabled = true
        sampled_requests_enabled   = true
        metric_name                = "AWS-AWSManagedRulesAmazonIpReputationList"
      }
    }
  ]
}
  2. Restrict the versions.tf:
terraform {
  required_version = "~> 1.5.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.9.0"
    }
  }
}
  3. Execute terraform init
  4. Execute terraform plan

Screenshots

Terraform init screenshot:
Screenshot 2023-09-18 141435

Terraform plan error:
Screenshot 2023-09-18 141632

Environment

  • OS: WSL (Ubuntu 22.04)
  • Module version: 1.2.0
  • Terraform version: v1.5.1
  • AWS provider version: 5.9.0

Additional Context

No response

@folleymcklaukyn folleymcklaukyn added the bug 🐛 An issue with the system label Sep 18, 2023