CDK WAF Python Multiple Statement values error

I have an AWS WAF CDK setup that works with rules, and now I'm trying to add a rule in WAF with multiple statements, but I get this error:

Resource handler returned message: "Error reason: You have used none or multiple values for a field that requires exactly one value., field: STATEMENT, parameter: Statement (Service: Wafv2, Status Code: 400, Request ID: 6a36bfe2-543c-458a-9571-e929142f5df1, Extended Request ID: null)" (RequestToken: b751ae12-bb60-bb75-86c0-346926687ea4, HandlerErrorCode: InvalidRequest)

My code:

{
    'name': 'ruleName',
    'priority': 3,
    'statement': {
        'orStatement': {
            'statements': [
                {
                    'iPSetReferenceStatement': {
                        'arn': 'arn:myARN'
                    }
                },
                {
                    'iPSetReferenceStatement': {
                        'arn': 'arn:myARN'
                    }
                }
            ]
        }
    },
    'action': {
        'allow': {}
    },
    'visibilityConfig': {
        'sampledRequestsEnabled': True,
        'cloudWatchMetricsEnabled': True,
        'metricName': 'ruleName'
    }
},

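There are two things going on there. First, your capitalization is off: iPSetReferenceStatement cannot be parsed and creates an empty statement reference. The correct key is ipSetReferenceStatement.

However, as mentioned here, there is a jsii implementation bug that causes some problems with IPSetReferenceStatementProperty. This keeps it from being parsed correctly, which results in a jsii error at synth time.

You can fix it with the workaround mentioned in the post.

Add this to the file that contains your construct: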

import jsii
from aws_cdk import aws_wafv2 as wafv2 # just for clarity, you might already have this imported


@jsii.implements(wafv2.CfnRuleGroup.IPSetReferenceStatementProperty)
class IPSetReferenceStatement:
    @property
    def arn(self):
        return self._arn

    @arn.setter
    def arn(self, value):
        self._arn = value

Then define your IP reference statements as follows:

ip_set_ref_stmnt = IPSetReferenceStatement()
ip_set_ref_stmnt.arn = "arn:aws:..."

ip_set_ref_stmnt_2 = IPSetReferenceStatement()
ip_set_ref_stmnt_2.arn = "arn:aws:..."

Then, in the rules section of the web ACL, you can use them like this:

...
            rules=[
                {
                    'name': 'ruleName',
                    'priority': 3,
                    'statement': {
                        'orStatement': {
                            'statements': [
                                wafv2.CfnWebACL.StatementProperty(
                                    ip_set_reference_statement=ip_set_ref_stmnt
                                ),
                                wafv2.CfnWebACL.StatementProperty(
                                    ip_set_reference_statement=ip_set_ref_stmnt_2
                                ),
                            ]
                        }
                    },
                    'action': {
                        'allow': {}
                    },
                    'visibilityConfig': {
                        'sampledRequestsEnabled': True,
                        'cloudWatchMetricsEnabled': True,
                        'metricName': 'ruleName'
                    }
                }
            ]
...

This should synthesize your stack as expected.
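
The capitalization problem described in the answer can be caught before deployment. The following is an added example, not code from the original post or from the CDK project: it walks dict-style WAF rules and reports any statement that does not carry exactly one recognized statement key. It checks key shape only and does not address the jsii issue; the names `STATEMENT_KEYS`, `check_statement`, `check_rules` and `sample_rule` are hypothetical, and the key list is an assumption that may be incomplete.

```python
# Assumption: camelCase field names of CfnWebACL.StatementProperty; the list
# may be incomplete for newer CDK releases.
STATEMENT_KEYS = {
    "andStatement", "orStatement", "notStatement",
    "byteMatchStatement", "geoMatchStatement", "ipSetReferenceStatement",
    "labelMatchStatement", "managedRuleGroupStatement", "rateBasedStatement",
    "regexMatchStatement", "regexPatternSetReferenceStatement",
    "ruleGroupReferenceStatement", "sizeConstraintStatement",
    "sqliMatchStatement", "xssMatchStatement",
}
NESTED_LISTS = ("andStatement", "orStatement")


def check_statement(stmt, path):
    """Return problems for one statement dict and any nested statements."""
    if not isinstance(stmt, dict):  # typed props objects are not inspected here
        return []
    problems = []
    for key in stmt:
        if key not in STATEMENT_KEYS:
            # A case-insensitive match points at a capitalization slip.
            hint = next((k for k in STATEMENT_KEYS if k.lower() == key.lower()), None)
            problems.append(f"{path}: unknown key {key!r}"
                            + (f", did you mean {hint!r}?" if hint else ""))
    known = [k for k in stmt if k in STATEMENT_KEYS]
    if len(known) != 1:
        problems.append(f"{path}: needs exactly one statement type, found {len(known)}")
    for key in known:
        body = stmt[key] if isinstance(stmt[key], dict) else {}
        if key in NESTED_LISTS:
            for i, child in enumerate(body.get("statements", [])):
                problems += check_statement(child, f"{path}.{key}.statements[{i}]")
        elif key == "notStatement":
            problems += check_statement(body.get("statement", {}), f"{path}.{key}.statement")
    return problems


def check_rules(rules):
    """Check the 'statement' of every rule dict in a WebACL rules list."""
    return [p for r in rules
            for p in check_statement(r.get("statement", {}), f"{r.get('name')}.statement")]


def sample_rule(key):
    """Constructed sample shaped like the rule in the question."""
    ref = {key: {"arn": "arn:myARN"}}
    return {"name": "ruleName", "priority": 3,
            "statement": {"orStatement": {"statements": [ref, dict(ref)]}}}


if __name__ == "__main__":
    for line in check_rules([sample_rule("iPSetReferenceStatement")]):
        print(line)
```
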