Swanand Gajendragadkar
Reputation: 101
CloudFormation: WAF Association always fails with Internal Failure
I am trying to associate Web ACL to API gateway. I am using WAFv2. The snippet of my code is as below-
WAFAssociation:
Type: 'AWS::WAFv2::WebACLAssociation'
Properties:
WebACLArn:
- Fn::ImportValue:
!Sub "${AWS::Region}-${AWS::AccountId}-APIGateway-WebACL"
ResourceArn: !Sub
- "arn:${AWS::Partition}:apigateway:{AWS::Region}::/restapis/{api}/stages/{stageName}"
- api: !Ref RestApi
I have referred https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html for this and written it. I am trying to deploy this resource in a stack, but this resource deployment always getting failed with error "Internal Failure". I am not able to find the rootcause of the issue.
Upvotes: 1
Views: 1735
Answers (1)
Marcin
Reputation: 238249
The ResourceArn is incorrect. Its missing $ in few places. Please have a look at the following form:
ResourceArn: !Sub
- "arn:${AWS::Partition}:apigateway:${AWS::Region}::/restapis/${api}/stages/${stageName}"
- api: !Ref RestApi
Also, please check examples from docs:
Name: !Sub
- www.${Domain}
- { Domain: !Ref RootDomainName }
In addition please make sure that all the external components are correct, such as stageName and RestApi.
Upvotes: 2
Related Questions
- AWS: Attach WAF to api gateway using cloudformation template
- AWS CloudFormation/API Gateway gives 'Invalid Resource identifier specified'
- AWS::WAFv2::LoggingConfiguration encounter invalid ARN when creating stack with Cloudformation
- How to add AWS WAF to an ALB via CloudFormation
- How to allow certain IP set resource with my WAF v2 via cloudformation?
- wafv2 webacl cloudformation gets error when I tried to attach the rulegroup I created
- Create a WebACL from WAFv2 with CloudFormation
- Cloudformation error for vgw not found, times out
- How to integrate CloudFront distribution to AWS WAF by using CloudFormation?
- Cloudformation not launching WAF stack in required region