Description
Describe the Bug
Using the latest version of the module with the following args does not end up creating a logging configuration that works:
```hcl
module "firewall_manager" {
  source  = "cloudposse/firewall-manager/aws"
  version = "0.4.0"

  # Specify our own Kinesis Firehose
  firehose_enabled = false
  firehose_arn     = module.firehose.kinesis_firehose_arn

  providers = {
    aws.admin = aws.admin
    aws       = aws
  }

  security_groups_usage_audit_policies = []
  waf_v2_policies                      = []
}

module "firehose" {
  source  = "fdmsantos/kinesis-firehose/aws"
  version = "1.9.0"

  name          = "firewall-manager"
  destination   = "s3"
  s3_bucket_arn = module.s3-bucket.s3_bucket_arn
}

module "s3-bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "3.14.0"

  bucket = "aws-waf-logs-${data.aws_caller_identity.current.account_id}-firewall-manager"
}

data "aws_caller_identity" "current" {}
```
Expected Behavior
I would expect the module to associate my Firehose ARN with the Firewall Manager instance. But instead I receive this error:
```text
╷
│ Error: updating FMS Policy (<uuid>): InvalidInputException: Error in the SecurityServiceData.ManagedServiceData at [Source: (String)"{"defaultAction":{"type":"ALLOW"},"loggingConfiguration":"{\"logDestinationConfigs\":[null],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}","overrideCustomerWebACLAssociation":false,"postProcessRuleGroups":[],"preProcessRuleGroups":[{"excludeRules":[],"managedRuleGroupIdentifier":null,"overrideAction":{"type":"NONE"},"ruleGroupArn":"arn:aws:wafv2:us-east-2:XXXX:regional/rulegroup/myRuleGroup/xx"[truncated 1804 chars]; line: 1, column: 58]
│
│   with module.firewall_manager.aws_fms_policy.waf_v2["load-balancer"],
│   on .terraform/modules/firewall_manager/waf_v2.tf line 11, in resource "aws_fms_policy" "waf_v2":
│   11: resource "aws_fms_policy" "waf_v2" {
│
╵
```
I also get the same error if I try to use the supplied Kinesis Firehose.
Steps to Reproduce
Run `terraform init` / `plan` / `apply` with the above code.
Screenshots
No response
Environment
- OS: macOS
- Version: 13.4.1
- Module version: 0.4.0
- Terraform version: 1.4.6
Additional Context
No response
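The error above shows the rendered `ManagedServiceData` carrying `"logDestinationConfigs":[null]` inside a JSON string that is itself nested in JSON, which is easy to overlook in a plan diff. The following is an added example (not code from the reporter or from the cloudposse module) that parses that double-encoded structure and reports a missing or malformed log destination; `build_managed_service_data` only constructs a sample document shaped like the one in the error, and the delivery-stream name check reflects the AWS WAF requirement that a Firehose used for WAF logging be named with the `aws-waf-logs-` prefix.

```python
import json


def build_managed_service_data(log_destinations: list) -> str:
    """Constructed sample shaped like the ManagedServiceData in the error above.
    Note the double encoding: loggingConfiguration is a JSON *string* inside JSON."""
    return json.dumps({
        "type": "WAFV2",
        "defaultAction": {"type": "ALLOW"},
        "loggingConfiguration": json.dumps({
            "logDestinationConfigs": log_destinations,
            "redactedFields": [
                {"redactedFieldType": "SingleHeader", "redactedFieldValue": "Cookies"},
                {"redactedFieldType": "Method"},
            ],
        }),
        "overrideCustomerWebACLAssociation": False,
    })


def logging_problems(managed_service_data: str) -> list:
    """Return human-readable problems with the WAFv2 logging configuration.
    An empty list means every destination is a Firehose ARN with a WAF-compatible name."""
    try:
        outer = json.loads(managed_service_data)
    except json.JSONDecodeError as exc:
        return [f"ManagedServiceData is not valid JSON: {exc}"]
    logging_cfg = outer.get("loggingConfiguration")
    if logging_cfg is None:
        return []  # logging not configured at all; nothing to validate
    if isinstance(logging_cfg, str):  # the nested, pre-encoded form Terraform emits
        try:
            logging_cfg = json.loads(logging_cfg)
        except json.JSONDecodeError as exc:
            return [f"loggingConfiguration is not valid JSON: {exc}"]
    destinations = logging_cfg.get("logDestinationConfigs") or []
    if not destinations:
        return ["loggingConfiguration has no logDestinationConfigs"]
    problems = []
    for i, dest in enumerate(destinations):
        if not isinstance(dest, str) or not dest:
            problems.append(f"logDestinationConfigs[{i}] is {dest!r}, expected a Kinesis Firehose ARN")
            continue
        if not dest.startswith("arn:") or ":firehose:" not in dest or "deliverystream/" not in dest:
            problems.append(f"logDestinationConfigs[{i}] is not a Kinesis Firehose ARN: {dest}")
            continue
        name = dest.rsplit("deliverystream/", 1)[1]
        if not name.startswith("aws-waf-logs-"):
            problems.append(f"logDestinationConfigs[{i}]: delivery stream name {name!r} must start with 'aws-waf-logs-'")
    return problems
```

Feed it the `managed_service_data` string from `terraform show -json` (or from the policy as read back with the AWS API) to catch a `null` destination before it reaches `aws_fms_policy`.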