
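AWS SAM - AWS::WAFv2::WebACLAssociation - AWS WAF couldn't perform the operation because your resource doesn't exist?

How to solve AWS SAM - AWS::WAFv2::WebACLAssociation - AWS WAF couldn't perform the operation because your resource doesn't exist?

We are trying to create an AWS::WAFv2::IPSet in our SAM template.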

WhitelistedIPAddressesIPSet:
    Type: AWS::WAFv2::IPSet
    Properties:
        Description: 'Merchant IPs'
        Scope: REGIONAL
        IPAddressVersion: IPV4
        Addresses: [0.0.0.0/32,0.0.10.0/32]

The IP set is created successfully. After that, we create the AWS::WAFv2::WebACLAssociation:

WAFApiAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    DependsOn:
        - ApiGateway
        - WAFWebAcl
    Properties:
        ResourceArn: !Sub 'arn:aws:apigateway:${AWS::Region}::/restapis/${ApiGateway}/stages/${EnvType}'
        WebACLArn: !GetAtt WAFWebAcl.Arn

CloudFormation fails and rolls back. The error shown is as follows:

Resource handler returned message: "AWS WAF Couldn't perform the operation because your resource doesn't exist. (Service: Wafv2, Status Code: 400, Request ID: e337720a-e32c-4c29-acde-1896855405c9, Extended Request ID: null)" (RequestToken: f24d0488-3016-4030-3a3b-bbb24666f130, HandlerErrorCode: NotFound)

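We tried different formats of the SAM template for the IP set to see whether that was causing the problem, but without success.

Can anyone share some useful insight into this issue?

Solution

A) You don't need DependsOn if your resource already depends directly on the other resources. That is the case here, so you can remove this property.

B) You need to share the whole stack here, not just the part you shared, because there may be a problem with your APIGW configuration. Since it failed to be created, this follow-on problem can occur.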


Here is the APIGW template, Warren Parad:

CDEAPI:
    Type: AWS::Serverless::Api
    Properties:
        # Domain:
        #     DomainName: !Ref CDEAPIDomainName
        #     SecurityPolicy: TLS_1_2
        #     CertificateArn: !Sub 'arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/${CDEAPICertificateArn}'
        #     EndpointConfiguration: EDGE
        #     Route53:
        #         HostedZoneId: !Ref CDEAPIHostedZoneId
        AccessLogSetting:
            DestinationArn: !GetAtt CDEAPIAccessLogGroup.Arn
            Format: >-
                { "requestId":"$context.requestId","ip":"$context.identity.sourceIp","caller":"$context.identity.caller","user":"$context.identity.user","userAgent":"$context.identity.userAgent","userArn":"$context.identity.userArn","requestTime":"$context.requestTime","requestTimeEpoch":"$context.requestTimeEpoch","httpMethod":"$context.httpMethod","resourcePath":"$context.resourcePath","path":"$context.path","status":"$context.status","protocol":"$context.protocol","responseLength":"$context.responseLength","responseLatency":"$context.responseLatency","authorizerLatency":"$context.authorizer.integrationLatency","integrationLatency":"$context.integrationLatency","integrationStatus":"$context.integrationStatus","xrayTraceId":"$context.xrayTraceId","errorMessage":"$context.error.message","domainName":"$context.domainName","domainPrefix":"$context.domainPrefix","tokenScopes":"$context.authorizer.claims.scope","tokenIat":"$context.authorizer.claims.iat","tokenExp":"$context.authorizer.claims.exp","cognitoIdentityId":"$context.identity.cognitoIdentityId","awsEndpointRequestId":"$context.awsEndpointRequestId","arn":"$context.identity.userArn","account":"$context.identity.accountId","claims-sub":"$context.authorizer.claims.sub","waf-error":"$context.waf.error","waf-status":"$context.waf.status","waf-latency":"$context.waf.latency","waf-response":"$context.waf.wafResponseCode","authenticate-error":"$context.authenticate.error","authenticate-status":"$context.authenticate.status","authenticate-latency":"$context.authenticate.latency","integration-error":"$context.integration.error","integration-status":"$context.integration.status","integration-latency":"$context.integration.latency","integration-requestId":"$context.integration.requestId","integration-integrationStatus":"$context.integration.integrationStatus","response-latency":"$context.responseLatency" }
        StageName: !Ref EnvType
        Auth:
            DefaultAuthorizer: CognitoAuthorizer
            AddDefaultAuthorizerToCorsPreflight: false
            Authorizers:
                CognitoAuthorizer:
                    AuthType: COGNITO_USER_POOLS
                    UserPoolArn: !Sub 'arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/${CognitoUserPoolArn}'
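
A pre-deployment check related to points A and B above, added here as an example (not code from the original thread): it lists every name an AWS::WAFv2::WebACLAssociation uses in DependsOn, Ref, Fn::GetAtt or Fn::Sub that the template does not define. The sample is a constructed JSON-form copy of the posted snippets, where the association names ApiGateway while the posted API resource is CDEAPI; whether the full stack also defines ApiGateway is not shown, and the helper names, the EnvType parameter and the WAFWebAcl resource type are assumptions.

```python
import re

# Constructed sample: JSON form of the two snippets on the page. The EnvType
# parameter and the WAFWebAcl resource are assumed; the full stack is not shown.
ARN = "arn:aws:apigateway:${AWS::Region}::/restapis/${ApiGateway}/stages/${EnvType}"
ASSOC = {"Type": "AWS::WAFv2::WebACLAssociation", "DependsOn": ["ApiGateway", "WAFWebAcl"],
         "Properties": {"ResourceArn": {"Fn::Sub": ARN},
                        "WebACLArn": {"Fn::GetAtt": ["WAFWebAcl", "Arn"]}}}
TEMPLATE = {
    "Parameters": {"EnvType": {"Type": "String"}},
    "Resources": {"CDEAPI": {"Type": "AWS::Serverless::Api"},
                  "WAFWebAcl": {"Type": "AWS::WAFv2::WebACL"},
                  "WAFApiAssociation": ASSOC},
}

def referenced_names(node):
    """Yield names used via Ref, Fn::GetAtt or Fn::Sub anywhere under node."""
    if isinstance(node, list):
        for item in node:
            yield from referenced_names(item)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref":
                yield value
            elif key == "Fn::GetAtt":
                yield value.split(".")[0] if isinstance(value, str) else value[0]
            elif key == "Fn::Sub":
                # String form, or [text, {local variables}] list form.
                text, local = (value, {}) if isinstance(value, str) else value
                for name in re.findall(r"\$\{([^!}][^}]*)\}", text):
                    if name not in local:
                        yield name.split(".")[0]
                yield from referenced_names(local)
            else:
                yield from referenced_names(value)

def dangling_association_refs(template):
    """Map each WebACLAssociation to the names it uses that the template lacks."""
    resources = template.get("Resources", {})
    known = set(resources) | set(template.get("Parameters", {}))
    report = {}
    for logical_id, res in resources.items():
        if res.get("Type") == "AWS::WAFv2::WebACLAssociation":
            depends = res.get("DependsOn", [])
            names = set([depends] if isinstance(depends, str) else depends)
            names |= set(referenced_names(res.get("Properties", {})))
            missing = sorted(n for n in names if n not in known and not n.startswith("AWS::"))
            if missing:
                report[logical_id] = missing
    return report
```

On the constructed sample, `dangling_association_refs(TEMPLATE)` reports `ApiGateway` for `WAFApiAssociation`; a template that defines every referenced name yields an empty report.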
