I have a microservice in an ECS instance in AWS behind a WAF, and I want to create these rules:
The first two IP sets are created, but I can't make the last one work. I tried creating the IP set with 0.0.0.0/0 and other combinations without success.
This is my code. I removed IP sets 1 and 2 (which are working); this is IP set 3:
resource "aws_wafv2_ip_set" "ipset" {
  name               = "${var.app_name}-${var.environment_name}-whitelist-ips"
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = ["0.0.0.0/0"]
}

module "alb_wafv2" {
  source  = "trussworks/wafv2/aws"
  version = "~> 2.0"

  name          = "${var.app_name}-${var.environment_name}"
  scope         = "REGIONAL"
  alb_arn       = aws_lb.app_lb.arn
  associate_alb = true

  ip_sets_rule = [
    {
      name       = "${var.app_name}-${var.environment_name}-ip-blacklist"
      action     = "deny"
      priority   = 1
      ip_set_arn = aws_wafv2_ip_set.ipset.arn
    }
  ]
}
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "c98b2d3a-ebd0-44e0-a80a-702bc698598b"
  },
  Field: "IP_ADDRESS",
  Message_: "Error reason: The parameter contains formatting that is not valid., field: IP_ADDRESS, parameter: 0.0.0.0/0",
  Parameter: "0.0.0.0/0",
  Reason: "The parameter contains formatting that is not valid."
}
I also tried to create an IP set from the AWS Console and got the same error:

So I have two questions. First, how can I do this? And second, is this the best approach?
Thanks in advance
Consider using this trick to bypass the 0.0.0.0/0 limitation:
Divide the IPv4 address space into two chunks: 0.0.0.0/1 and 128.0.0.0/1
The following Terraform snippet was accepted and the IP set was created by TF (Terraform 0.15.4 and AWS provider version 3.42.0):
resource "aws_wafv2_ip_set" "ipset" {
  name               = "all_internet_kludge"
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = ["0.0.0.0/1", "128.0.0.0/1"]
}
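As an added example (not part of the question or the answer above), here is a small Python check of the workaround: it splits any /0 prefix into its two /1 halves with the standard-library ipaddress module, confirms the two halves merge back to the entire address space with no overlap, and rejects a CIDR whose host bits are set. The sample address lists are constructed from the question and the answer; nothing here calls AWS.

```python
import ipaddress
from typing import Iterable, List

# Constructed sample inputs: the list WAFv2 rejected in the question and the
# list the answer reports as accepted.
REJECTED_BY_WAF = ["0.0.0.0/0"]
ACCEPTED_BY_WAF = ["0.0.0.0/1", "128.0.0.0/1"]


def split_default_routes(cidrs: Iterable[str]) -> List[str]:
    """Return the address list with every /0 replaced by its two /1 halves.

    Other prefixes are passed through unchanged. ip_network() is strict by
    default, so a CIDR with host bits set (e.g. "10.0.0.1/8") raises
    ValueError instead of silently being accepted.
    """
    out: List[str] = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen == 0:
            # subnets(prefixlen_diff=1) yields the lower and upper half.
            out.extend(str(half) for half in net.subnets(prefixlen_diff=1))
        else:
            out.append(str(net))
    return out


def covers_entire_space(cidrs: Iterable[str]) -> bool:
    """True when the CIDRs, merged, equal the whole space of their IP version."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    merged = list(ipaddress.collapse_addresses(nets))
    return len(merged) == 1 and merged[0].prefixlen == 0


def has_overlap(cidrs: Iterable[str]) -> bool:
    """True when any two CIDRs share addresses (sorted neighbours suffice)."""
    nets = sorted(ipaddress.ip_network(c) for c in cidrs)
    return any(a.overlaps(b) for a, b in zip(nets, nets[1:]))


if __name__ == "__main__":
    halves = split_default_routes(REJECTED_BY_WAF)
    print("WAF-compatible list:", halves)
    print("covers all of IPv4:", covers_entire_space(halves))
    print("halves overlap:", has_overlap(halves))
    print("matches the answer:", halves == ACCEPTED_BY_WAF)
```

The same split works for an IPv6 set: "::/0" becomes "::/1" and "8000::/1". Whichever list you feed the WAF, the coverage and overlap checks tell you whether the set still means "every address" after the rewrite.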