You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned."
Trying to apply the fix mentioned by CKV_AWS_68 results in the following error:
# terraform apply infra.out results:
module.static_webpage_cloudfront.aws_cloudfront_distribution.this: Modifying... [id=<REDACTED>]
╷
│ Error: updating CloudFront Distribution (<REDACTED>): InvalidWebACLId: Web ACL is not accessible by the requester.
│ status code: 400, request id: <REDACTED>
│
│ with module.static_webpage_cloudfront.aws_cloudfront_distribution.this,
│ on ../../static_webpage_cloudfront/main.tf line 62, in resource "aws_cloudfront_distribution" "this":
│ 62: resource "aws_cloudfront_distribution" "this" {
│
╵
Suggested fix:
Edit the documentation to support both aws_waf_web_acl and aws_wafv2_web_acl
Report these changes in checkov's engine to check for the presence of either the ID of aws_waf_web_acl or the ARN of aws_wafv2_web_acl
The text was updated successfully, but these errors were encountered:
Checkov version:
3.2.90
Regarding CKV_AWS_68: AWS CloudFront web distribution with AWS Web Application Firewall (AWS WAF) service disabled https://github.com/hlxsites/prisma-cloud-docs/blob/main/docs/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/bc-aws-general-27.adoc
The
Fix:builtime
section mentions the following fix:when it should either be
or
Source: Terraform doc for aws_cloudfront_distribution:
Trying to apply the fix mentioned by CKV_AWS_68 results in the following error:
Suggested fix:
aws_waf_web_acl
andaws_wafv2_web_acl
aws_waf_web_acl
or the ARN ofaws_wafv2_web_acl
The text was updated successfully, but these errors were encountered: