我有一个 AWSManagedRulesCommonRuleSet,其中已有一条可用的 count 语句,现在需要再添加一条语句,把 SizeRestrictions_BODY 设为 allow。我准备了下面这段 tf,但在 apply 时,terraform plan 的输出显示这条规则先被添加、然后又被删除。
tf:
# One rule of an aws_wafv2_web_acl: evaluates AWSManagedRulesCommonRuleSet with
# two per-rule action overrides. Attribute and block order inside an HCL block is
# not significant, so this is the same configuration as written in the question.
rule {
  name     = "AWS-AWSManagedRulesCommonRuleSet"
  priority = 0

  # none: keep the managed group's own rule actions, so the per-rule overrides
  # below are what decides each request.
  override_action {
    none {}
  }

  visibility_config {
    sampled_requests_enabled   = true
    cloudwatch_metrics_enabled = true
    metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
  }

  statement {
    managed_rule_group_statement {
      vendor_name = "AWS"
      name        = "AWSManagedRulesCommonRuleSet"

      # CrossSiteScripting_BODY: demoted to count (non-terminating), and a header
      # is inserted into the request forwarded to the protected resource.
      # NOTE(review): in the plan output shown below, the prior state side has a
      # bare `count {}` without custom_request_handling, so every plan replaces
      # the rule. That looks like the provider not reading the header back
      # rather than an error in this config — confirm against the provider
      # version in use.
      rule_action_override {
        name = "CrossSiteScripting_BODY"
        action_to_use {
          count {
            custom_request_handling {
              insert_header {
                name  = "tfapv4"
                value = "noloop"
              }
            }
          }
        }
      }

      # SizeRestrictions_BODY: allow is a terminating action. A request that
      # matches this rule is allowed by the web ACL and no later rule or rule
      # group is evaluated for it. Use count instead if later rules should
      # still run for such requests.
      rule_action_override {
        name = "SizeRestrictions_BODY"
        action_to_use {
          allow {}
        }
      }
    }
  }
}
输出:
+ rule {
+ name = "AWS-AWSManagedRulesCommonRuleSet"
+ priority = 0
+ override_action {
+ none {}
}
+ statement {
+ managed_rule_group_statement {
+ name = "AWSManagedRulesCommonRuleSet"
+ vendor_name = "AWS"
+ rule_action_override {
+ name = "CrossSiteScripting_BODY"
+ action_to_use {
+ count {
+ custom_request_handling {
+ insert_header {
+ name = "tfapv4"
+ value = "noloop"
}
}
}
}
}
+ rule_action_override {
+ name = "SizeRestrictions_BODY"
+ action_to_use {
+ allow {
}
}
}
}
}
+ visibility_config {
+ cloudwatch_metrics_enabled = true
+ metric_name = "AWS-AWSManagedRulesCommonRuleSet"
+ sampled_requests_enabled = true
}
}
- rule {
- name = "AWS-AWSManagedRulesCommonRuleSet" -> null
- priority = 0 -> null
- override_action {
- none {}
}
- statement {
- managed_rule_group_statement {
- name = "AWSManagedRulesCommonRuleSet" -> null
- vendor_name = "AWS" -> null
- rule_action_override {
- name = "CrossSiteScripting_BODY" -> null
- action_to_use {
- count {
}
}
}
- rule_action_override {
- name = "SizeRestrictions_BODY" -> null
- action_to_use {
- allow {
}
}
}
}
}
- visibility_config {
- cloudwatch_metrics_enabled = true -> null
- metric_name = "AWS-AWSManagedRulesCommonRuleSet" -> null
- sampled_requests_enabled = true -> null
}
}
需要一种方法,在同一条规则中添加多个语句:一个使用 count,一个使用 allow。
Cara, não sei se você já conseguiu resolver, mas aqui tenho um código que pode te ajudar:
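# Same rule, with the per-rule overrides generated from two lists so further
# rule names can be added to either list without copying the override block.
rule {
  name     = "AWSManagedRulesCommonRuleSet"
  priority = 0

  # none: keep the managed group's own rule actions; the overrides below then
  # apply per rule.
  override_action {
    none {}
  }

  statement {
    managed_rule_group_statement {
      name        = "AWSManagedRulesCommonRuleSet"
      vendor_name = "AWS"

      # Rules to demote to count (non-terminating). A header is inserted into
      # the request forwarded to the protected resource.
      dynamic "rule_action_override" {
        for_each = toset([
          "CrossSiteScripting_BODY",
        ])
        content {
          name = rule_action_override.value
          action_to_use {
            count {
              custom_request_handling {
                insert_header {
                  name  = "tfapv4"
                  value = "noloop"
                }
              }
            }
          }
        }
      }

      # Rules to override to allow. allow is terminating: a matching request is
      # allowed by the web ACL and no later rule or rule group is evaluated for
      # it. Use the count list above instead if later rules should still run.
      # Fixed: the original nested a second action_to_use inside action_to_use,
      # which is not a valid block here.
      dynamic "rule_action_override" {
        for_each = toset([
          "SizeRestrictions_BODY",
        ])
        content {
          name = rule_action_override.value
          action_to_use {
            allow {}
          }
        }
      }
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "AWSManagedRulesCommonRuleSet"
    sampled_requests_enabled   = true
  }
}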