troposphere icon indicating copy to clipboard operation
troposphere copied to clipboard
verified publisher icon cloudtools

wafv2.py RegularExpressionList should not take a RegularExpressionList object

Open jonmoss-konsentus opened this issue 5 years ago • 0 comments

When trying to create a Regular Expression matcher in WafV2 using troposphere you have to add a RegularExpressionList object to a RegularExpressionList parameter.

Looking at the CFN documentation (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-regularexpressionlist)

I think that RegularExpressionList should just take a list of strings (Regex validated).

Currently you would have to write the following python code

cfn.add_resource(
    RegexPatternSet(
        "fooRegex",
        Name="match_foo",
        Description="regex to match /foo",
        RegularExpressionList=RegularExpressionList(
            RegularExpressionList=[Regex(RegexString="^\/foo.*")]
        ),
        Scope="REGIONAL",
    )
)

Which outputs the following CFN

      fooRegex:
        Properties:
          Description: regex to match /foo
          Name: match_foo
          RegularExpressionList:
            RegularExpressionList:
              - RegexString: ^\/foo.*
          Scope: REGIONAL
        Type: AWS::WAFv2::RegexPatternSet

If this you deploy this CFN to AWS it fails with Internal Failure

jonmoss-konsentus avatar May 12 '20 11:05 jonmoss-konsentus