Comments (6)
Hi, thanks for reporting this issue. We're going to look into it.
from aws-waf-security-automations.
Hi,
Unfortunately I was not able to reproduce the issue. I deployed v3.2.5 in multiple configurations and multiple regions, and every time the upgrade to the latest v4.0.x worked fine.
- In AWS Console / CloudFormation, select the main solution stack
- Click "update stack"
- Click "replace existing template"
- Paste https://s3.amazonaws.com/solutions-reference/security-automations-for-aws-waf/latest/aws-waf-security-automations.template into the URL field
- Click next, next, next, submit
Is there anything you're doing differently?
from aws-waf-security-automations.
Hi, I'm afraid not, that is the exact same process we use.
I believe we might have had this template deployed in the past with this name and then deleted it.
We are now trying to deploy with that same name, and it seems to struggle with anything over v3.2.5.
It's as if the old version wasn't removed fully somehow - but it has gone from CloudFormation console/CLI exports.
Could there be anywhere else we should be checking where old things could be?
Or could we remove the validation check (if possible) for AppAccessLogBucket?
from aws-waf-security-automations.
Hi,
can you verify two things for me please?
- Is waf-dr-eu2-stack the name of your existing stack that you're trying to update?
- Does this stack have an output with the key AppAccessLogBucket and the value of waf-dr-eu2-stack-AppAccessLogBucket? (AWS CloudFormation Console -> Select Stack -> Tab "Outputs")
If that is the case, you might be able to work around the problem using the following steps:
- Update the stack with the existing template (v3.2.5) and change the input parameter "Custom Rule - Scanner & Probes / Activate Scanner & Probe Protection" temporarily to "no". This update will remove the problematic export from the stack.
- Now update the stack with the new template version (v4.0.3).
- Finally update the stack again with the existing template (v4.0.3) setting the input parameter back to the original value, in order to re-activate the Scanner/Probe protection feature.
Please be aware that during steps 1 to 3, the Scanner/Probe protection feature is temporarily disabled. Consider the security implications of this and proceed at your own risk.
from aws-waf-security-automations.
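Added example, not part of the thread or of the project's code: one way to check whether an export named like the one mentioned above (`<stack name>-AppAccessLogBucket`) is already held by a different stack in the same account and region, by parsing the JSON printed by `aws cloudformation list-exports`. The sample data, the stack name `leftover-stack` and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `aws cloudformation list-exports`.
# Account id, region, stack ids and values are made up for this example.
SAMPLE_LIST_EXPORTS = json.dumps({"Exports": [
    {"ExportingStackId": "arn:aws:cloudformation:eu-west-1:111111111111:"
                         "stack/leftover-stack/00000000-0000-0000-0000-000000000001",
     "Name": "waf-dr-eu2-stack-AppAccessLogBucket",
     "Value": "example-bucket-a"},
    {"ExportingStackId": "arn:aws:cloudformation:eu-west-1:111111111111:"
                         "stack/waf123/00000000-0000-0000-0000-000000000002",
     "Name": "waf123-AppAccessLogBucket",
     "Value": "example-bucket-b"},
]})


def stack_name_from_id(stack_id):
    """Stack ids end in ':stack/<name>/<uuid>'; return <name>."""
    parts = stack_id.split("/")
    return parts[1] if len(parts) == 3 else stack_id


def blocking_exports(list_exports_json, stack_name, output_keys):
    """Map '<stack_name>-<key>' export names to the *other* stack holding them.

    Export names are unique per account and region, so an export already
    owned by a different stack blocks any stack that tries to create it.
    """
    owners = {e["Name"]: stack_name_from_id(e["ExportingStackId"])
              for e in json.loads(list_exports_json).get("Exports", [])}
    blocked = {}
    for key in output_keys:
        name = f"{stack_name}-{key}"
        owner = owners.get(name)
        if owner is not None and owner != stack_name:
            blocked[name] = owner
    return blocked


if __name__ == "__main__":
    for name, owner in blocking_exports(
            SAMPLE_LIST_EXPORTS, "waf-dr-eu2-stack", ["AppAccessLogBucket"]).items():
        print(f"{name} is already exported by stack {owner}")
```

Against a real account, feed the function the output of `aws cloudformation list-exports` run in the region of the stack being updated.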
Hi
The output has AppAccessLogBucket with the value of my S3 bucket tbg-waf-eu2-logs-dr.
I tried anyway and could remove Custom Rule - Scanner & Probes, which worked fine, but then I still could not upgrade to v4 latest as it came with another error.
I was then unable to roll back and add Custom Rule - Scanner & Probes back in.
So I had to delete the whole stack and recreate it again on v3.2.5.
I did try the following though.
I created a new WAF with template 3.2.5 and called it waf123 with all the same settings - this deployed successfully.
I then upgraded it to v4.0.3 and it deployed successfully.
So it seems only when using the stack name waf-dr-eu2-stack does it not allow me to upgrade for some reason?
Unfortunately I do need to keep the name waf-dr-eu2-stack for the time being for some downstream automation based on the name. Not sure why using the name waf-dr-eu2-stack would be an issue?
from aws-waf-security-automations.
Hi, I'm sorry to hear that. I don't have any plausible explanation why there would be an update issue with one specific stack name.
Since you already deleted and recreated the stack, you should be able to do the same and install the latest version instead of v3.2.5, right?
It sounds like this is not an issue with the aws-waf-security-automations solution, but rather some state your AWS account is in, so I'm going to close this bug ticket. If you have an AWS Support plan, feel free to create a support request with AWS Support, who are able to look at your actual account.
from aws-waf-security-automations.