serverless-associate-waf icon indicating copy to clipboard operation
serverless-associate-waf copied to clipboard

Published 20 hours ago verified publisher icon mikesouza

Use existing WAF with plugin

Open iwt-kschoenrock opened this issue 4 years ago • 8 comments

Hello! I'm trying to use a WAF created with Terraform with the serverless-associate-waf plugin, but I get the following error when trying to deploy:

Error: The CloudFormation template is invalid: Unresolved resource dependencies [ApiGatewayRestApi] in the Outputs block of the template

The offending snippet seems to be this, at the end of cloudformation-template-update-stack.json:

...
"ApiGatewayRestApiWaf": {
  "Description": "Rest API Id",
  "Value": {
    "Ref": "ApiGatewayRestApi"
  }
}

I've configured the plugin as follows (only the changes introduced):

serverless.yaml:

custom:
  stages:
    stageName:
      waf_name: stageName-acl
  associateWaf:
    name: ${self:custom.stages.${self:provider.stage}.waf_name}
    version: Regional

plugins:
  - serverless-associate-waf

The WAF (classic) is named stageName-acl, as verified on the AWS Console, but I see no mention of it in the Cloudformation files. Am I doing something wrong?

Versions:

$ sls --version
Framework Core: 2.4.0 (local)
Plugin: 4.0.4
SDK: 2.3.2
Components: 3.2.1

serverless-associate-waf: 1.2.1

iwt-kschoenrock avatar Oct 09 '20 09:10 iwt-kschoenrock

@iwt-kschoenrock Thank you for providing plenty of details, especially the version information. The error you're getting is strange.

If you comment out the inclusion of the serverless-associate-waf plugin, does Serverless deploy successfully?

If it does work successfully without using the plugin, I will try to investigate and reproduce your issue today. This issue may have to do with Serverless Framework v2.0 being released last month. I have not tested the plugin's compatibility yet.

mikesouza avatar Oct 09 '20 10:10 mikesouza

Thanks for the fast response. Yes, commenting the plugin out allows Serverless to deploy successfully.

iwt-kschoenrock avatar Oct 09 '20 11:10 iwt-kschoenrock

@iwt-kschoenrock I am unable to reproduce this. Does not appear to be related to Serverless version. If you replace the interpolation (${self:custom.stages.${self:provider.stage}.waf_name}) with stageName-acl, does it work?

mikesouza avatar Oct 20 '20 19:10 mikesouza

No, the same error happens...

iwt-kschoenrock avatar Oct 26 '20 12:10 iwt-kschoenrock

We see the same error when we pass the api-gateway id as an input to serverless. May be it happens because plugin is expecting autogenerated api gateway id.

I made an attempt to fix the issue in this PR when you have an api gateway external to serverless

SachinKSingh28 avatar Nov 02 '20 16:11 SachinKSingh28

Any updates on this ? Currently running into the same problem. I try to attach a webacl generated with terraform and get the same error.

Error: The CloudFormation template is invalid: Unresolved resource dependencies [ApiGatewayRestApi] in the Outputs block of the template

  Your Environment Information ---------------------------
     Operating System:          win32
     Node Version:              15.5.1
     Framework Version:         2.22.0
     Plugin Version:            4.4.2
     SDK Version:               2.3.2
     Components Version:        3.6.0

ghost avatar Feb 16 '21 13:02 ghost

@MikeSouza

Can you please tell me when are you planning to release this fix as a new version?

sakthi-ganesh avatar Feb 23 '21 00:02 sakthi-ganesh

Hello @MikeSouza, Any updates on that one? I'm having the same issue here. Any workaround?

willpeixoto avatar Sep 02 '22 19:09 willpeixoto