I haven't worked with WAF, but the documentation [1] seems to refer to
the actual ARN rather than the ALB name. Do you get the ARN of the ALB
out of the find_lb_name module?
[1] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafregional_web_acl_association#resource_arn
Regards,
Chamila
https://chamilad.github.io/
On 12/03/2021 10:18 pm, Lucas Possamai wrote:
> Hi all,
>
> I'm creating an EKS cluster in AWS with an ALB ingress, then, I'm
> creating some AWS WAF resources and using
> aws_wafregional_web_acl_association
> <https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafregional_web_acl_association>
> to associate the WAF policies to my Kubernetes ELB.
>
> However, *aws_wafregional_web_acl_association* fails with the following
> error:
>
> ---
>
> aws_wafregional_web_acl_association.Blacklist_WACL: Creating...
>
> Error: Error creating WAF Regional Web ACL association:
> WAFInvalidParameterException:
> {
> RespMetadata: {
> StatusCode: 400,
> RequestID: "280afc01-d39a-4261-b74d-0087b7ca8bb9"
> },
> Field: "ResourceArn",
> Parameter: "RESOURCE_ARN",
> Reason: "ILLEGAL_ARGUMENT"
> }
>
> on waf_webacl_association.tf line 2, in resource "aws_wafregional_web_acl_association" "Blacklist_WACL":
> 2: resource "aws_wafregional_web_acl_association" "AWS_Security_Blog_Blacklist_WACL" {
>
> ---
>
> My resource looks like this:
> resource "aws_wafregional_web_acl_association" "Blacklist_WACL" {
>   resource_arn = "${module.find_lb_name.stdout}"
>   web_acl_id   = aws_wafregional_web_acl.Blacklist_WACL.id
> }
>
> *module.find_lb_name.stdout* returns the ELB name. I have also tried the
> full ELB ARN, same error.
> Example of an ELB ARN:
> arn:aws:elasticloadbalancing:region:accountid:loadbalancer/${module.find_lb_name.stdout}
>
> What am I missing? Thanks in advance!
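
Added example, not part of either message in this thread: one way to hand the association a real load balancer ARN is to look the load balancer up by name with the AWS provider's `aws_lb` data source instead of building the ARN string by hand. It assumes `module.find_lb_name.stdout` holds the name of an Application Load Balancer; the names `ingress` and `ingress_lb_arn` and the `trimspace` call are assumptions for illustration.

```hcl
# Added example, not the poster's configuration.
# Assumption: module.find_lb_name.stdout is the load balancer *name*, as the
# quoted message states, and the load balancer is an Application Load Balancer.

# Look the load balancer up by name so Terraform reads its ARN from AWS.
data "aws_lb" "ingress" {
  # trimspace is an assumption: output captured from a shell command often
  # carries a trailing newline, which would make the lookup fail.
  name = trimspace(module.find_lb_name.stdout)
}

resource "aws_wafregional_web_acl_association" "Blacklist_WACL" {
  # An ALB ARN has the form
  #   arn:aws:elasticloadbalancing:<region>:<account-id>:loadbalancer/app/<name>/<id>
  # The trailing <id> is generated by AWS, so the ARN cannot be derived from
  # the name alone.
  resource_arn = data.aws_lb.ingress.arn
  web_acl_id   = aws_wafregional_web_acl.Blacklist_WACL.id
}

# Hypothetical output, handy for checking the resolved ARN after a plan.
output "ingress_lb_arn" {
  value = data.aws_lb.ingress.arn
}
```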