将AWS WAFv2 web acl与ApiGatewayV2关联
我希望将WAFv2 Web与API阶段相关联。
在terraform 文档之后,我尝试了这样的方法:
resource "aws_wafv2_web_acl_association" "this" {
resource_arn = aws_apigatewayv2_stage.this.arn
web_acl_arn = aws_wafv2_web_acl.this.arn
}但是,这没有被接受,错误是:
错误: WAFInvalidParameterException:错误原因: ARN无效。有效的ARN以arn:开头,并包括用冒号或斜杠分隔的其他信息。,字段: RESOURCE_ARN,参数:RESOURCE_ARN。
在AWS 文档中,ARN的模式是:
arn:aws:apigateway:region::/restapis/api-id/stages/stage-name但是,只有旧API的ARN在其ARN中使用"restapis“。v2网关只使用"apis“。
- 这就是ARN无效的原因吗?
- 如何将API GatewayV2 HTTP阶段与associate相关联?
根据请求,下面是网关的代码:
resource "aws_apigatewayv2_api" "this" {
name = "example-http-api"
protocol_type = "HTTP"
}
resource "aws_lambda_function" "this" {
filename = "example.zip"
function_name = "Example"
role = var.lambda_arn
handler = "index.handler"
runtime = "nodejs10.x"
}
resource "aws_apigatewayv2_integration" "get" {
api_id = aws_apigatewayv2_api.this.id
integration_type = "AWS_PROXY"
integration_method = "GET"
integration_uri = aws_lambda_function.this.invoke_arn
}
resource "aws_apigatewayv2_route" "get" {
api_id = aws_apigatewayv2_api.this.id
route_key = "$default"
target = "path/${aws_apigatewayv2_integration.get.id}"
}
resource "aws_apigatewayv2_stage" "this" {
api_id = aws_apigatewayv2_api.this.id
name = "example-stage"
}以及的代码:
resource "aws_wafv2_web_acl" "this" {
scope = "REGIONAL"
default_action {
allow {}
}
rule {
name = "common-rule-set"
priority = 1
override_action {
none {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesCommonRuleSet"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "common-rule-set"
sampled_requests_enabled = false
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "web-acl"
sampled_requests_enabled = false
}
}回答 2
Stack Overflow用户
发布于 2021-01-28 04:07:00
HTTP不支持WAF:
API命名空间表示REST,而V1 V2代表WebSocket API和新HTTP。来源:https://aws.amazon.com/blogs/compute/announcing-http-apis-for-amazon-api-gateway/
和
目前,我们不支持HTTP的WAF。对于这个请求,我们有一个待办事项。感谢你伸出援手。https://forums.aws.amazon.com/thread.jspa?messageID=942361
Stack Overflow用户
发布于 2020-08-08 08:36:34
我觉得你的代码有错误。对于API网关阶段,您将使用以下块:
resource "aws_apigatewayv2_stage" "example" {
api_id = aws_apigatewayv2_api.this.id
name = "example-stage"
}在WAF关联中,您正在使用:
resource "aws_wafv2_web_acl_association" "this" {
resource_arn = aws_apigatewayv2_stage.this.arn
web_acl_arn = aws_wafv2_web_acl.this.arn
}将resource_arn = aws_apigatewayv2_stage.this.arn更改为resource_arn = aws_apigatewayv2_stage.example.arn。您将API阶段资源命名为example,但您试图访问名为this的资源的属性,而该属性并不存在。
https://stackoverflow.com/questions/63304201
复制相似问题
腾讯云开发者
