我在查找错误时遇到问题。我正在尝试将 WafACL 连接到 API Gateway Deployment,我正在使用这样的命令:
aws wafv2 associate-web-acl --web-acl-arn d3b11jj1-30c6-46ae-8e58-6a90ae69eeaf --resource-arn 'arn:aws:apigateway:us-east-1::/restapis/*api-id*/stages/dev'
An error occurred (WAFInvalidParameterException) when calling the AssociateWebACL operation: Error reason: The ARN isn’t valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN, parameter: d3b11jj1-30c6-46ae-8e58-6a90ae69eeaf
我也尝试使用 CloudFormation:
AWSTemplateFormatVersion: "2010-09-09"
Description: "DB Management Service"
Resources:
WebACLAssociation:
Type: AWS::WAFv2::WebACLAssociation
Properties:
ResourceArn: 'arn:aws:apigateway:us-east-1::/restapis/*api-id*/stages/dev'
WebACLArn:
Ref: WebACL
WebACL:
Type: AWS::WAFv2::WebACL
Properties:
DefaultAction:
Allow: {}
Rules:
- Name: WebACLRule
Action:
Block: {}
Priority: 0
Statement:
RateBasedStatement:
AggregateKeyType: IP
Limit: 2048
VisibilityConfig:
CloudWatchMetricsEnabled: true
MetricName: Requests
SampledRequestsEnabled: false
Scope: REGIONAL
VisibilityConfig:
CloudWatchMetricsEnabled: true
MetricName: WafACL
SampledRequestsEnabled: true
但在这里我也得到:
Error reason: The ARN isn?t valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN
我不认为阿恩是不正确的。我尝试在各种组合中使用它。
最佳答案
Wafv2 对 arn 有不同的方案。
Waf v1 使用看起来像 UUID 的东西,而 Wafv2 使用完全限定的 ARN。
aws wafv2 associate-web-acl \
--web-acl-arn arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-cli/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
--resource-arn arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/waf-cli-alb/1ea17125f8b25a2a \
--region us-west-2
所以在你的情况下它可能看起来像
aws wafv2 associate-web-acl --web-acl-arn arn:aws:wafv2:<region>:<account>:regional/webacl/<webacl name>/d3b11jj1-30c6-46ae-8e58-6a90ae69eeaf --resource-arn 'arn:aws:apigateway:us-east-1::/restapis/*api-id*/stages/dev'
同样在 CFN 中,Wafv2 有多个返回属性,所以你不能做得很好
WebACLArn: !Ref <webacl>
但是你必须做类似的事情
WebACLArn: !GetAtt <webacl>.Arn
引用
https://docs.aws.amazon.com/cli/latest/reference/wafv2/associate-web-acl.html
关于amazon-web-services - 将WebACL应用于API网关,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60955745/