AWS WAF更新Lambda中特定于某个区域的ip集和规则 [英] AWS WAF update ip sets and rules specific to a region from lambda
问题描述
如果规则集是全局(Cloudfront),我就能从lambda成功更新WAF ip地址规则集.
I am able to successfully update the WAF ip address rule set from lambda if the rule sets are Global (Cloudfront).
但是,如果我创建了特定于区域的规则集以便能够与APP ELB一起使用,则get-ip-set或list-ip-set api不会检索特定于区域的IP集,因此,我无法直接从lambda更新这些规则集.
but if i create a rule set specific to region to be able to use it with APP ELB, the get-ip-set or list-ip-set api's are not retrieving the IP set specific to a region and hence I am not able to update these rule sets directly from lambda.
是否需要传递其他参数才能检索这些特定于区域的规则集
Is there any additional param that needs to be passed to be able to retrieve these rule sets that are region specific
推荐答案
您需要使用正确的区域端点.与CloudFront一起使用的WAF端点与每个与ALB一起使用的区域端点本质上是一个不同的系统-且它们彼此独立.
You need to be using the correct regional endpoint. The WAF endpoint that works with CloudFront is essentially a different system than each of the regional endpoints that work with ALB -- and those are all independent of each other.
显然这也是一个完全不同的初始命令是aws waf-regional
而不是aws waf
(您的初始问题,用get-ip-set
显示的破折号表示AWS-CLI语法).
Apparently it's also an entirely different initial command, aws waf-regional
rather than aws waf
(your initial question, with dashes shown in get-ip-set
implies AWS-CLI syntax).
另请参见 http://docs.aws.amazon .com/general/latest/gr/rande.html#waf_region
这篇关于AWS WAF更新Lambda中特定于某个区域的ip集和规则的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!