c# - TestWebACL 错误原因 : Your statement has multiple values set for a field that requires exactly one value

Question

 var ipSets = new CfnIPSet(scope, "IPSet", new CfnIPSetProps
            {
              
                Name = "IPTest",
                Addresses = new string[] { "1.2.3.4/32" },
                IpAddressVersion = "IPV4",
                Scope= "REGIONAL"
});

new CfnWebACL.RuleProperty()
                    {
                        Name = "Black-List-Rules",
                        Priority = 5,
                       //statement not properly translated
                        Statement = new CfnWebACL.StatementOneProperty
                        {
                             IpSetReferenceStatement = ipSets.AttrArn
                        },
                        VisibilityConfig = new CfnWebACL.VisibilityConfigProperty
                        {
                            SampledRequestsEnabled = true,
                            CloudWatchMetricsEnabled = true,
                            MetricName = "Black-List-Rules"
                        },
                        Action = new CfnWebACL.RuleActionProperty
                        {
                            Allow = new CfnWebACL.RuleActionProperty { Allow = false}
                        },
 }

TestWebACL 错误原因:您的语句为只需要一个值的字段设置了多个值。字段:STATMENT，参数:语句(服务:Wafv2，状态代码:400，请求 ID:dd0d6492-5aa9-41e2-ac15 -ee7bc133d705，扩展请求 ID:空) C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:7922:49 _ Kernel._wrapSandboxCode (C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:8395:20) _ Kernel._create (C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:7922:26) _ Kernel.create (C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:7666:21) _ KernelHost.processRequest (C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:7446:28) _ KernelHost.run (C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:7384:14) _ 立即._onImmediate (C:\Users\futechz\AppData\Local\Temp\1hae5afq.wun\jsii-runtime.js:7387:37) _ processImmediate(内部/timers.js:456:21)

云的形成(cdk合成器)

{
            "Action": {
              "Block": {
                "block": true
              }
            },
            "Name": "Black-List-Rules",
            "Priority": 5,
            "Statement": {}, //missing
            "VisibilityConfig": {
              "CloudWatchMetricsEnabled": true,
              "MetricName": "Black-List-Rules",
              "SampledRequestsEnabled": true
            }
          }

Answer 1

已解决

 ["Statement"] = new Dictionary<string, object>
                        {
                            ["OrStatement"] =   new Dictionary<string, object>
                            {
                                ["Statements"] = new [] {

                                        new Dictionary<string, object>
                                        {
                                            ["IpSetReferenceStatement"] = new Dictionary<string , object> {
                                                   ["Arn"] = ipSetsOne.AttrArn
                                            },
                                        },
                                        new Dictionary<string, object>
                                        {
                                            ["IpSetReferenceStatement"] = new Dictionary<string , object> {
                                                   ["Arn"] = ipSetsTwo.AttrArn
                                            },
                                        }

                                }

                            }

                        },

https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html