What is the current behavior?
Terraform plan is giving an error. Please provide a proper way to write an and_statement for the aws_wafv2_web_acl AWS resource.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
Create any aws_wafv2_web_acl resource with the rule below and run terraform plan or validate.
    rule {
      name     = "my-block-post-requests-content-type-application-json"
      priority = 7
      action {
        block {}
      }
      statement {
        and_statement {
          statements = [
            {
              byte_match_statement = {
                field_to_match {
                  method {}
                }
                positional_constraint = CONTAINS
                search_string = POST
                text_transformation {
                  priority = 0
                  type = NONE
                }
              }
            },
            {
              not_statement {
                statement {
                  byte_match_statement {
                    search_string = "application/json"
                    field_to_match {
                      single_header {
                        name = "content-type"
                      }
                    }
                    positional_constraint = CONTAINS
                    search_string = POST
                    text_transformation {
                      priority = 0
                      type = NONE
                    }
                  }
                }
              }
            }
          ]
        }
      }
      visibility_config {
        cloudwatch_metrics_enabled = true
        metric_name                = "${var.solution}-${var.environment}-block-post-requests-content-type-application-json"
        sampled_requests_enabled   = true
      }
    }
The challenge here is that Hashicorp's documentation for this resource does not contain a full example of defining a WAF rule with and_statement - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl#and_statement-block
I have made all the changes as per terraform validate, but it still gives an error.
I have raised the same issue on Stack Overflow - https://stackoverflow.com/questions/78666296/aws-aws-wafv2-web-acl-rule-and-statement-syntax-in-terraform
What is the expected behavior?
Terraform plan/validate should work fine. I think I am making some mistake in the syntax of and_statement.
Software versions?
Terraform v1.8.4
on darwin_arm64
+ provider registry.terraform.io/hashicorp/archive v2.4.2
+ provider registry.terraform.io/hashicorp/aws v5.55.0
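
The rule from the report rewritten with block syntax, as an added example that is not part of the original issue or the provider's documentation: in the aws provider, `and_statement` takes two or more nested `statement` blocks rather than a `statements = [...]` list, and values such as `CONTAINS`, `POST` and `NONE` are quoted strings. It assumes the fragment sits inside the reporter's existing `aws_wafv2_web_acl` resource and that `var.solution` and `var.environment` are declared there; the second `search_string = POST` in the inner statement is dropped because an argument can only be set once per block.

```hcl
# Added example: goes inside the existing aws_wafv2_web_acl resource (assumed).
rule {
  name     = "my-block-post-requests-content-type-application-json"
  priority = 7
  action {
    block {}
  }
  statement {
    and_statement {
      statement { # first AND operand: request method contains "POST"
        byte_match_statement {
          positional_constraint = "CONTAINS"
          search_string         = "POST"
          field_to_match {
            method {}
          }
          text_transformation {
            priority = 0
            type     = "NONE"
          }
        }
      }
      statement { # second AND operand: content-type does NOT contain application/json
        not_statement {
          statement {
            byte_match_statement {
              positional_constraint = "CONTAINS"
              search_string         = "application/json"
              field_to_match {
                single_header {
                  name = "content-type" # header name must be lowercase
                }
              }
              text_transformation {
                priority = 0
                type     = "NONE"
              }
            }
          }
        }
      }
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "${var.solution}-${var.environment}-block-post-requests-content-type-application-json"
    sampled_requests_enabled   = true
  }
}
```

As written, the rule blocks POST requests whose `content-type` header does not contain `application/json`, so confirm that this matches the intent behind the rule name before applying it.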