Hi Team,
I'm trying the code below to attach region-specific WAFs to region-specific
ALBs. But the code below doesn't seem to be working for associating the
WAF to the ALBs. The last shell module is having issues: the "$alb_arn" value is
not getting interpreted and I'm getting the error mentioned below.
tasks:
  - block:
      - name: Get service alb info
        community.aws.elb_application_lb_info:
          profile: "{{ aws_profile_name }}"
          region: "{{ region }}"
          names:
            - "Service-{{ ec2_tag_environment }}"
            - "ServiceInt-{{ ec2_tag_environment }}"
            - "Web-{{ ec2_tag_environment }}"
        register: alb_info
        loop: "{{ aws_cloud_regions }}"
        loop_control:
          loop_var: region
      - debug:
          var: alb_info
      - name: Extract ALB ARNs
        set_fact:
          alb_arns: "{{ alb_arns | default([]) + item.load_balancers |
            map(attribute='load_balancer_arn') | list }}"
        loop: "{{ alb_info.results }}"
      - name: Extract ALB map ARNs
        set_fact:
          alb_map_arns: "{{ alb_map_arns | default({}) |
            combine({item.region: item.load_balancers |
            map(attribute='load_balancer_arn') | list}) }}"
        loop: "{{ alb_info.results }}"
      - name: Display ALB ARNs
        debug:
          var: alb_map_arns
      - name: Get WAF WebACL ARN
        shell: |
          aws wafv2 list-web-acls --scope REGIONAL --profile "{{ aws_profile_name }}" --region "{{ region }}" --query 'WebACLs[?Name==`{{ ec2_tag_environment }}-ALB`].ARN' --output text
        register: waf_acl
        changed_when: false
        loop: "{{ aws_cloud_regions }}"
        loop_control:
          loop_var: region
      - debug:
          var: waf_acl
      - name: Print WebACL ARN
        set_fact:
          waf_arn: "{{ waf_arn | default({}) | combine({item.region:
            item.stdout}) }}"
        loop: "{{ waf_acl.results }}"
      - debug:
          var: waf_arn
      - name: Attach WAF to ALBs
        shell: |
          for alb_arn in {{ alb_map_arns[item] }}; do
            aws wafv2 associate-web-acl \
              --web-acl-arn "{{ waf_arn[item] }}" \
              --resource-arn "$alb_arn" \
              --profile "{{ aws_profile_name }}" \
              --region "{{ item }}"
          done
        loop: "{{ waf_arn.keys() | list }}"
        when: item in alb_map_arns
Below, $alb_arn is not getting interpreted:
do\n aws wafv2 associate-web-acl --web-acl-arn
\"arn:aws:wafv2:eu-central-1:<profile>:regional/webacl/QAtest-ALB/a6dda4d3-9973-4b88-bc49-a7cbad91a302\"
--resource-arn \"$alb_arn\"
error reason: The ARN isn't valid. A valid ARN begins with arn: and
includes other information separated by colons or slashes., field:
RESOURCE_ARN
An error occurred (WAFNonexistentItemException) when calling the
AssociateWebACL operation: AWS WAF couldn’t perform the operation because
your resource doesn’t exist
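Editor's note on the failing task: `{{ alb_map_arns[item] }}` renders the list as a Python literal (`['arn:...', 'arn:...']`), so the shell `for` loop iterates over bracket- and comma-laden tokens rather than clean ARNs, which is consistent with the "ARN isn't valid" error. The following is an added example of a replacement for the last task, not the poster's code; it assumes the same `alb_map_arns`, `waf_arn` and `aws_profile_name` facts built by the tasks above and drops the shell loop in favour of one `command` call per ALB.

```yaml
# Flatten {region: [alb_arn, ...]} into one (region_entry, alb_arn) pair per ALB:
#   dict2items      -> [{key: region, value: [alb_arn, ...]}, ...]
#   subelements()   -> [[{key: region, value: [...]}, alb_arn], ...]
# item.0.key is the region, item.1 is a single ALB ARN.

- name: Sanity-check every ALB ARN before touching WAF associations
  ansible.builtin.assert:
    that:
      - item.1 is match('^arn:aws:elasticloadbalancing:')
    fail_msg: "Unexpected ALB ARN for region {{ item.0.key }}: {{ item.1 }}"
  loop: "{{ alb_map_arns | dict2items | subelements('value') }}"
  loop_control:
    label: "{{ item.0.key }} -> {{ item.1 }}"

- name: Attach WAF to ALBs (one CLI call per ALB, no shell for-loop)
  ansible.builtin.command:
    # argv avoids shell quoting/expansion entirely; every ARN is passed verbatim
    argv:
      - aws
      - wafv2
      - associate-web-acl
      - --web-acl-arn
      - "{{ waf_arn[item.0.key] }}"
      - --resource-arn
      - "{{ item.1 }}"
      - --profile
      - "{{ aws_profile_name }}"
      - --region
      - "{{ item.0.key }}"
  loop: "{{ alb_map_arns | dict2items | subelements('value') }}"
  loop_control:
    label: "{{ item.0.key }} -> {{ item.1 }}"
  # Skip regions where list-web-acls returned no ACL (empty stdout) or no entry
  when:
    - item.0.key in waf_arn
    - waf_arn[item.0.key] | length > 0
```

If you prefer to keep the `shell` form, `{{ alb_map_arns[item] | join(' ') }}` would at least hand the loop space-separated ARNs instead of a list literal.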
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/72172b94-528b-4828-b586-836160a318a3n%40googlegroups.com.