AWS Beanstalk和IPset
AWS Beanstalk和IPset
提问于 2021-08-31 19:57:48
我正在尝试在我的豆茎环境中设置一个IPSet。在我的.ebextensions中,我有一个waf.config,其中包含:
option_settings:
aws:elasticbeanstalk:environment:
LoadBalancerType: application
Resources:
IPSet:
Type: "AWS::WAFv2::IPSet"
Properties:
Name: '`{ "Ref" : "AWSEBEnvironmentName" }`-IPset'
Addresses:
- 10.10.10.10/32
IPAddressVersion: IPV4
Scope: REGIONAL
Tags:
- Key: "Scope"
Value: "Sqreen"
WafAcl:
Type: "AWS::WAFv2::WebACL"
Properties:
Description: 'Web ACL to Block bad requests on `{ "Ref" : "AWSEBEnvironmentName" }`'
Name: '`{ "Ref" : "AWSEBEnvironmentName" }`-WebACL'
Scope: REGIONAL
DefaultAction:
Allow : {}
VisibilityConfig:
SampledRequestsEnabled: true
CloudWatchMetricsEnabled: true
MetricName: '`{ "Ref" : "AWSEBEnvironmentName" }`-WebACL'
Rules:
- Name: DenyListIPSet
Priority: 0
OverrideAction:
Block: {}
VisibilityConfig:
SampledRequestsEnabled: true
CloudWatchMetricsEnabled: true
MetricName: DenyIps
Statement:
IPSetReferenceStatement:
Arn: '`{ "Fn::GetAtt" : ["IPSet", "Arn" ]}`'
WebACLAssociation:
Type: AWS::WAFv2::WebACLAssociation
Properties:
ResourceArn: '`{ "Ref" : "AWSEBV2LoadBalancer" }`'
WebACLArn: '`{ "Fn::GetAtt" : ["WafAcl", "Arn" ]}`'但是CloudFormation栈给了我:"Error reason: A reference in your rule statement is not valid., field: RULE, parameter: Statement (Service: Wafv2, Status Code: 400
cloudformation堆栈在我看来是有效的。我没有看到任何其他语句可以更好地匹配我的需求……
编辑:解决方案
"RuleAction“和"OverrideAction",请分别引用3和4。
有了Action (而不是override action),WAF就能正常工作了!
回答 1
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/69004674
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号