I tried to create a WAF web ACL using the Terraform script below, with the region of one of my AWS accounts (abc) set to ap-southeast-1 in the .aws/config file, but I get the error below after applying it. The same script created the WAF web ACL successfully when my other AWS account's (xyz) profile region was us-east-1 in .aws/config.
```hcl
resource "aws_wafv2_web_acl" "waf_acl" {
  name        = local.waf_name
  description = "waf setup infront of cloudfront"
  scope       = "CLOUDFRONT"

  default_action {
    allow {}
  }

  rule {
    name     = "AWS-AWSManagedRulesAmazonIpReputationList"
    priority = 0
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesAmazonIpReputationList"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWS-AWSManagedRulesAmazonIpReputationList"
      sampled_requests_enabled   = true
    }
  }

  rule {
    name     = "AWS-AWSManagedRulesAnonymousIpList"
    priority = 1
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesAnonymousIpList"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWS-AWSManagedRulesAnonymousIpList"
      sampled_requests_enabled   = true
    }
  }

  rule {
    name     = "AWS-AWSManagedRulesCommonRuleSet"
    priority = 2
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = local.waf_name
    sampled_requests_enabled   = true
  }
}
```
Error as below:

```
│ Error: Error creating WAFv2 WebACL: WAFInvalidParameterException: Error reason: The scope is not valid., field: SCOPE_VALUE, parameter: CLOUDFRONT
│ {
│   RespMetadata: {
│     StatusCode: 400,
│     RequestID: "b83b40074r-b3a55-49e76-b2353-e16f32830518632"
│   },
│   Field: "SCOPE_VALUE",
│   Message_: "Error reason: The scope is not valid., field: SCOPE_VALUE, parameter: CLOUDFRONT",
│   Parameter: "CLOUDFRONT",
│   Reason: "The scope is not valid."
│ }
│
│   with aws_wafv2_web_acl.waf_acl,
│   on main.tf line 122, in resource "aws_wafv2_web_acl" "waf_acl":
│  122: resource "aws_wafv2_web_acl" "waf_acl" {
```
Please note: the same script worked perfectly fine in the us-east-1 region with scope = "CLOUDFRONT". Any help would be really appreciated.

Thanks in advance.
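The following is an added example and is not part of the original question or the asker's own code. CloudFront-scoped WAFv2 web ACLs are global resources that AWS exposes only through the us-east-1 endpoint, which is why the `SCOPE_VALUE` error appears when the provider is configured for any other region. One way to keep the rest of a stack in ap-southeast-1 while still creating the CloudFront web ACL is an aliased provider pinned to us-east-1. The region `ap-southeast-1` for the default provider, the `us_east_1` alias name and the placeholder value of `local.waf_name` are assumptions chosen to mirror the question.

```hcl
# Added example, not the original poster's code.
# The default provider stays in ap-southeast-1 (assumed) for regional
# resources; a second, aliased provider targets us-east-1, the only endpoint
# that accepts scope = "CLOUDFRONT".

provider "aws" {
  region = "ap-southeast-1" # assumed home region for the rest of the stack
}

provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1" # required for CloudFront-scoped WAFv2 web ACLs
}

locals {
  waf_name = "example-cloudfront-waf" # constructed placeholder name
}

resource "aws_wafv2_web_acl" "waf_acl" {
  provider    = aws.us_east_1 # pin this resource to the us-east-1 endpoint
  name        = local.waf_name
  description = "waf setup in front of cloudfront"
  scope       = "CLOUDFRONT"

  default_action {
    allow {}
  }

  # One managed rule group is enough to show the pattern; further rule
  # blocks follow the same shape with increasing priority values.
  rule {
    name     = "AWS-AWSManagedRulesCommonRuleSet"
    priority = 0
    override_action {
      none {}
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = local.waf_name
    sampled_requests_enabled   = true
  }
}
```

Two practical notes. First, the web ACL is attached to a distribution through the `web_acl_id` argument of `aws_cloudfront_distribution`, which for WAFv2 takes the web ACL's ARN (`aws_wafv2_web_acl.waf_acl.arn`); CloudFront itself is global, so the distribution does not need the aliased provider. Second, if the resource being protected is a regional one such as an ALB or API Gateway stage in ap-southeast-1, the correct fix is `scope = "REGIONAL"` with the default provider rather than a us-east-1 alias, and the web ACL must then live in the same region as that resource. To confirm the endpoint behaviour from the CLI, `aws wafv2 list-web-acls --scope CLOUDFRONT --region us-east-1` succeeds, while the same call with `--region ap-southeast-1` is rejected.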