Support managed rule group configs in aws_wafv2_web_acl for the new managed rule AWSManagedRulesATPRuleSet

[lorelei-rupp-imprivata]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

A new managed rule group was added for Account Takeover protection. The provider does not seem to support the additional configuration required -- https://docs.aws.amazon.com/waf/latest/APIReference/API_ManagedRuleGroupConfig.html
Please support the additional managed rule group configuration so we can use terraform to set up this rule set.

New or Affected Resource(s)

• aws_wafv2_web_acl

Broken Terraform Configuration

        statement {
          managed_rule_group_statement {
            name        = "AWSManagedRulesATPRuleSet"
            vendor_name = "AWS"
          }
        }

This does not work when you apply because it needs additional configuration

References

• #0000

[hasssammalik]

can we get an update on this one please

[chrisminton]

The required configuration looks something like

      "ManagedRuleGroupConfigs": [
        {
          "LoginPath": string
        },
        {
          "PayloadType": "JSON|FORM_ENCODED"
        },
        {
          "UsernameField": {
            "Identifier": string
          }
        },
        {
          "PasswordField": {
            "Identifier": string
          }
        }
      ]

[y0zg]

Any update on this please?

[marianod92]

Hello everyone!
I consulted in the other related issue, I ask again here

Has anyone been able to solve this problem with some workaround through aws-cli for example?

I tried to activate Account Takeover Prevention through Terraform with a null_resource and aws-cli, but I did not find this option in the documentation and reference examples.

Thanks!

[github-actions]

This functionality has been released in v4.49.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[sidpremkumar]

@marianod92 were you able to figure this out? Running into the same issue :(

edit: For anyone else this fixed it: #29154

[marianod92]

@marianod92 were you able to figure this out? Running into the same issue :(

edit: For anyone else this fixed it: #29154

Hey @sidpremkumar

I couldn't get back on this issue yet, but from what I saw in the Issue #23287 , you can already provision this rule directly from Terraform.
I have not yet been able to test the Terraform provider version > 4.49 to see how the ATP Rule Set behaves.

• Add Support for WAFv2 Managed Rule Group Configuration #23287 (comment)

On the other hand, in the same issue they commented a solution via aws-cli, here is the link so you can take a look at it:

• Add Support for WAFv2 Managed Rule Group Configuration #23287 (comment)

Best!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.