terraform-provider-aws

aws_fms_policy Unsupported resource type "AWS::ApiGatewayV2::Stage"

Open travisnburton opened this issue 2 years ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.7 AWS Provider v4.21.0

Affected Resource(s)

aws_fms_policy

Terraform Configuration Files

resource "aws_fms_policy" "this" {
  name = "foo"

  # Policy Details
  security_service_policy_data {
    type = "WAFV2"
    # JSON-encoded WAFv2 policy: rule groups, default action, logging configuration
    managed_service_data = "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
  }

  # Organizational units the policy applies to
  include_map {
    orgunit = ["ou-1234"]
  }

  # Resource types the policy should protect
  resource_type_list = ["AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::ApiGateway::Stage", "AWS::ApiGatewayV2::Stage"]

  exclude_resource_tags              = false
  resource_tags                      = { foo = "bar" }
  remediation_enabled                = true
  delete_unused_fm_managed_resources = true
}

Debug Output

╷
│ Error: error creating FMS Policy: InvalidInputException: Unsupported resource types. Valid resource types are ["AWS::ElasticLoadBalancingV2::LoadBalancer", "AWS::ApiGateway::Stage"] for a WAF policy with regional scope or ["AWS::CloudFront::Distribution"] for a WAF policy with global scope.
│ 
│   with aws_fms_policy.this,
│   on main.tf line 1, in resource "aws_fms_policy" "this":
│    1: resource "aws_fms_policy" "this" {
│ 
╵

Expected Behavior

Confirmed with AWS support that ApiGatewayV2 is valid; admittedly, the API docs are not great for this.

Actual Behavior

Failure to create policy with APIGWv2

Steps to Reproduce

  1. terraform apply

References

https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html

travisnburton, Aug 09 '22 20:08