Description
It appears that the evaluation_window_sec argument in the rate_based_statement block of the AWS WAFv2 module is not functioning as expected. Despite multiple attempts to set and update this argument, Terraform does not seem to recognize or apply the changes.
Steps to Reproduce
Initially set the evaluation_window_sec argument in the rate_based_statement block before deploying the infrastructure.
Deploy the infrastructure using Terraform.
Observe that the evaluation_window_sec argument does not take effect.
Attempt to update the evaluation_window_sec argument post-deployment.
Apply the changes using Terraform.
Notice that Terraform does not respond to the changes made to the evaluation_window_sec argument.
Relevant Code Snippet
```hcl
module "waf" {
  source = "github.com/aws-ss/terraform-aws-wafv2"
  resource_arn = [aws_lb.test_alb.arn]
  name = "custom_rate_based_waf"
  scope = "REGIONAL"
  default_action = "allow"
  rule = [
    {
      name = "AWSManagedRulesAdminProtectionRuleSet"
      priority = 1
      override_action = "none"
      managed_rule_group_statement = {
        name = "AWSManagedRulesAdminProtectionRuleSet"
        vendor_name = "AWS"
      }
      visibility_config = {
        cloudwatch_metrics_enabled = true
        metric_name = "AWSManagedRulesAdminProtectionRuleSet"
        sampled_requests_enabled = true
      }
    },
    {
      name = "uri_regex_host_full"
      priority = 10
      action = "block"
      rate_based_statement = {
        limit = 150
        aggregate_key_type = "IP"
        evaluation_window_sec = 60
        scope_down_statement = {
          and_statement = {
            statements = [
              {
                regex_pattern_set_reference_statement = {
                  field_to_match = {
                    uri_path = {}
                  }
                  arn = aws_wafv2_regex_pattern_set.uri_regex.arn
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              },
              {
                byte_match_statement = {
                  field_to_match = {
                    single_header = {
                      name = "host"
                    }
                  }
                  positional_constraint = "CONTAINS"
                  search_string = "quicklizard.com"
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              }
            ]
          }
        }
      }
      visibility_config = {
        cloudwatch_metrics_enabled = false
        metric_name = "cloudwatch_metric_name"
        sampled_requests_enabled = false
      }
    },
    {
      name = "uri_full_host_full"
      priority = 13
      action = "block"
      rate_based_statement = {
        limit = 150
        aggregate_key_type = "IP"
        evaluation_window_sec = 60
        scope_down_statement = {
          and_statement = {
            statements = [
              {
                byte_match_statement = {
                  field_to_match = {
                    uri_path = {}
                  }
                  positional_constraint = "CONTAINS"
                  search_string = "/home/"
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              },
              {
                byte_match_statement = {
                  field_to_match = {
                    single_header = {
                      name = "host"
                    }
                  }
                  positional_constraint = "CONTAINS"
                  search_string = "quicklizard.com"
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              }
            ]
          }
        }
      }
      visibility_config = {
        cloudwatch_metrics_enabled = false
        metric_name = "cloudwatch_metric_name"
        sampled_requests_enabled = false
      }
    },
    {
      name = "uri_full_host_regex"
      priority = 14
      action = "block"
      rate_based_statement = {
        limit = 150
        aggregate_key_type = "IP"
        evaluation_window_sec = 60
        scope_down_statement = {
          and_statement = {
            statements = [
              {
                regex_pattern_set_reference_statement = {
                  arn = aws_wafv2_regex_pattern_set.host_regex.arn
                  field_to_match = {
                    single_header = {
                      name = "host"
                    }
                  }
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              },
              {
                byte_match_statement = {
                  field_to_match = {
                    uri_path = {}
                  }
                  positional_constraint = "CONTAINS"
                  search_string = "/home/"
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              }
            ]
          }
        }
      }
      visibility_config = {
        cloudwatch_metrics_enabled = false
        metric_name = "cloudwatch_metric_name"
        sampled_requests_enabled = false
      }
    },
    {
      name = "uri_regex_host_regex"
      priority = 100
      action = "block"
      rate_based_statement = {
        limit = 150
        aggregate_key_type = "IP"
        evaluation_window_sec = 60
        scope_down_statement = {
          and_statement = {
            statements = [
              {
                regex_pattern_set_reference_statement = {
                  arn = aws_wafv2_regex_pattern_set.host_regex.arn
                  field_to_match = {
                    single_header = {
                      name = "host"
                    }
                  }
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              },
              {
                regex_pattern_set_reference_statement = {
                  arn = aws_wafv2_regex_pattern_set.uri_regex.arn
                  field_to_match = {
                    uri_path = {}
                  }
                  text_transformation = [
                    {
                      priority = 0
                      type = "NONE"
                    }
                  ]
                }
              }
            ]
          }
        }
      }
      visibility_config = {
        cloudwatch_metrics_enabled = false
        metric_name = "cloudwatch_metric_name"
        sampled_requests_enabled = false
      }
    }
  ]
  visibility_config = {
    cloudwatch_metrics_enabled = false
    metric_name = "cloudwatch_metric_name"
    sampled_requests_enabled = false
  }
}
```
Expected Behavior
The evaluation_window_sec argument should be recognized and applied by Terraform both during the initial deployment and subsequent updates. The specified evaluation window should be set for the rate-based statements as intended.
Actual Behavior
Terraform does not recognize or apply the evaluation_window_sec argument. There is no change in the behavior of the rate-based statements when this argument is set or updated.
Additional Information
This issue is critical as it affects the rate-limiting behavior of our WAF rules, which is essential for our application's security and performance. Any assistance or insights into resolving this issue would be greatly appreciated.
Thank you.
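One way to confirm from the deployed side whether the window reached AWS, as an added example that is not part of the original issue or the module's code: it reads the JSON returned by `aws wafv2 get-web-acl` and lists every rate-based rule whose `EvaluationWindowSec` differs from the intended value. The embedded response is constructed for illustration, and treating an absent field as the API default of 300 seconds is an assumption of this sketch.

```python
import json

# Values the AWS WAFv2 API accepts for EvaluationWindowSec; 300 applies when unset.
ALLOWED_WINDOWS = {60, 120, 300, 600}
DEFAULT_WINDOW = 300

# Constructed sample shaped like `aws wafv2 get-web-acl` output, trimmed to the
# fields used here. Rule names and limits are taken from the configuration above.
SAMPLE_WEB_ACL = json.loads("""
{"WebACL": {"Name": "custom_rate_based_waf", "Rules": [
  {"Name": "AWSManagedRulesAdminProtectionRuleSet", "Priority": 1,
   "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS",
                 "Name": "AWSManagedRulesAdminProtectionRuleSet"}}},
  {"Name": "uri_regex_host_full", "Priority": 10,
   "Statement": {"RateBasedStatement": {"Limit": 150, "AggregateKeyType": "IP"}}},
  {"Name": "uri_full_host_full", "Priority": 13,
   "Statement": {"RateBasedStatement": {"Limit": 150, "AggregateKeyType": "IP",
                 "EvaluationWindowSec": 60}}}
]}}
""")


def audit_rate_windows(web_acl_response, expected_sec):
    """Return one finding per rate-based rule whose deployed window differs."""
    if expected_sec not in ALLOWED_WINDOWS:
        raise ValueError(f"{expected_sec} is not a valid evaluation window")
    findings = []
    for rule in web_acl_response["WebACL"].get("Rules", []):
        rbs = rule.get("Statement", {}).get("RateBasedStatement")
        if rbs is None:
            continue  # managed rule groups and other statement types
        deployed = rbs.get("EvaluationWindowSec", DEFAULT_WINDOW)
        if deployed != expected_sec:
            findings.append({
                "rule": rule["Name"],
                "limit": rbs["Limit"],
                "expected_sec": expected_sec,
                "deployed_sec": deployed,
                "explicit": "EvaluationWindowSec" in rbs,
            })
    return findings


if __name__ == "__main__":
    for f in audit_rate_windows(SAMPLE_WEB_ACL, expected_sec=60):
        print(f)
```

A finding with `explicit` set to false means the field never reached the deployed rule, which is the symptom this issue describes.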