Hey Dick,
Thanks for responding.
Please find the attached debug output as requested
TASK [Display ALB ARNs] ************************************************************************************
Thursday 24 August 2023 13:04:34 -0700 (0:00:00.338) 0:00:24.776 *******
ok: [localhost] => {
    "alb_map_arns": {
        "eu-central-1": [
            "arn:aws:elasticloadbalancing:eu-central-1:<profile>:loadbalancer/app/Web-QAtest/78c12741885fcfbb",
            "arn:aws:elasticloadbalancing:eu-central-1:<profile>:loadbalancer/app/Service-QAtest/a22b43074f64f9d7",
            "arn:aws:elasticloadbalancing:eu-central-1:<profile>:loadbalancer/app/ServiceInt-QAtest/2f7fff2fb7d354a7"
        ],
        "us-east-1": [
            "arn:aws:elasticloadbalancing:us-east-1:<profile>:loadbalancer/app/Web-QAtest/c1fba8d4f0526447",
            "arn:aws:elasticloadbalancing:us-east-1:<profile>:loadbalancer/app/Service-QAtest/1c8cde570dbc2c98",
            "arn:aws:elasticloadbalancing:us-east-1:<profile>:loadbalancer/app/ServiceInt-QAtest/e8b1dcfb2f17b6e1"
        ]
    }
}
On Friday, August 25, 2023 at 3:06:14 AM UTC+5:30 Dick Visser wrote:
> Hi
>
> You left out important information. For instance the output of the
> "Display ALB ARNs" debug task.
> That is used in your shell command at " for alb_arn in {{
> alb_map_arns[item] }}; do", so that is important.
> Post that debug output.
> Or, post the output of the "Attach WAF to ALBs" task with -vv.
>
>
> On Thu, 24 Aug 2023 at 21:45, Shivani Arora <[email protected]> wrote:
>
>> Hi Team,
>>
>> I'm trying the below code to attach a region-specific WAF to
>> region-specific ALBs, but the code doesn't seem to be working for
>> associating the WAF with the ALBs. The last shell module is having issues:
>> the "$alb_arn" value is not getting interpreted, and I get the error
>> mentioned below.
>>
>> tasks:
>>
>>   - block:
>>       - name: Get service alb info
>>         community.aws.elb_application_lb_info:
>>           profile: "{{ aws_profile_name }}"
>>           region: "{{ region }}"
>>           names:
>>             - "Service-{{ ec2_tag_environment }}"
>>             - "ServiceInt-{{ ec2_tag_environment }}"
>>             - "Web-{{ ec2_tag_environment }}"
>>         register: alb_info
>>         loop: "{{ aws_cloud_regions }}"
>>         loop_control:
>>           loop_var: region
>>
>>       - debug:
>>           var: alb_info
>>
>>       - name: Extract ALB ARNs
>>         set_fact:
>>           alb_arns: "{{ alb_arns | default([]) + item.load_balancers | map(attribute='load_balancer_arn') | list }}"
>>         loop: "{{ alb_info.results }}"
>>
>>       - name: Extract ALB map ARNs
>>         set_fact:
>>           alb_map_arns: "{{ alb_map_arns | default({}) | combine({item.region: item.load_balancers | map(attribute='load_balancer_arn') | list}) }}"
>>         loop: "{{ alb_info.results }}"
>>
>>       - name: Display ALB ARNs
>>         debug:
>>           var: alb_map_arns
>>
>>       - name: Get WAF WebACL ARN
>>         shell: |
>>           aws wafv2 list-web-acls --scope REGIONAL --profile "{{ aws_profile_name }}" --region "{{ region }}" --query 'WebACLs[?Name==`{{ ec2_tag_environment }}-ALB`].ARN' --output text
>>         register: waf_acl
>>         changed_when: false
>>         loop: "{{ aws_cloud_regions }}"
>>         loop_control:
>>           loop_var: region
>>
>>       - debug:
>>           var: waf_acl
>>
>>       - name: Print WebACL ARN
>>         set_fact:
>>           waf_arn: "{{ waf_arn | default({}) | combine({item.region: item.stdout}) }}"
>>         loop: "{{ waf_acl.results }}"
>>
>>       - debug:
>>           var: waf_arn
>>
>>       - name: Attach WAF to ALBs
>>         shell: |
>>           for alb_arn in {{ alb_map_arns[item] }}; do
>>             aws wafv2 associate-web-acl \
>>               --web-acl-arn "{{ waf_arn[item] }}" \
>>               --resource-arn "$alb_arn" \
>>               --profile "{{ aws_profile_name }}" \
>>               --region "{{ item }}"
>>           done
>>         loop: "{{ waf_arn.keys() | list }}"
>>         when: item in alb_map_arns
>>
>>
>> Below, "$alb_arn" is not getting interpreted:
>>
>> do\n aws wafv2 associate-web-acl --web-acl-arn
>> \"arn:aws:wafv2:eu-central-1:<profile>:regional/webacl/QAtest-ALB/a6dda4d3-9973-4b88-bc49-a7cbad91a302\"
>>
>> --resource-arn \"$alb_arn\"
>>
>> error reason: The ARN isn't valid. A valid ARN begins with arn: and
>> includes other information separated by colons or slashes., field:
>> RESOURCE_ARN
>> An error occurred (WAFNonexistentItemException) when calling the
>> AssociateWebACL operation: AWS WAF couldn’t perform the operation because
>> your resource doesn’t exist
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/72172b94-528b-4828-b586-836160a318a3n%40googlegroups.com
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/dd7b503e-267e-496c-a8bf-bdba785850adn%40googlegroups.com.
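Added example, not code from the thread above. When a list is substituted into a string template, Jinja renders it with Python's str(), so "{{ alb_map_arns[item] }}" inside the shell script becomes ['arn:aws:...', 'arn:aws:...'] and the shell splits that into words such as "[arn:aws:...," and "arn:aws:...]", which is consistent with the "A valid ARN begins with arn:" error on RESOURCE_ARN. The tasks below rework "Attach WAF to ALBs" so that Ansible iterates over (region, ALB ARN) pairs and every CLI argument goes through the command module's argv, where no shell re-parses values that came back from an API call. They assume the facts the posted playbook already builds (alb_map_arns, waf_arn, aws_profile_name); alb_targets, waf_assoc and waf_verify are names chosen for this example.

```yaml
# Added example (not from the thread): replacement for the posted
# "Attach WAF to ALBs" task. Assumes the facts the posted playbook builds:
# alb_map_arns (region -> list of ALB ARNs), waf_arn (region -> web ACL ARN
# from list-web-acls, empty string when nothing matched) and aws_profile_name.
# alb_targets, waf_assoc and waf_verify are names chosen for this example.

- name: Build (region, alb_arn) pairs so Ansible does the looping, not the shell
  ansible.builtin.set_fact:
    # dict2items -> [{key: region, value: [arn, ...]}, ...]
    # subelements('value') -> [[{key: region, value: [...]}, arn], ...]
    alb_targets: "{{ alb_map_arns | dict2items | subelements('value') }}"

- name: Attach WAF to ALBs
  ansible.builtin.command:
    # argv passes each value as exactly one argument; ARNs, profile names
    # and anything else from an API response are never re-parsed by a shell
    argv:
      - aws
      - wafv2
      - associate-web-acl
      - --web-acl-arn
      - "{{ waf_arn[item.0.key] }}"
      - --resource-arn
      - "{{ item.1 }}"
      - --profile
      - "{{ aws_profile_name }}"
      - --region
      - "{{ item.0.key }}"
  loop: "{{ alb_targets }}"
  loop_control:
    label: "{{ item.0.key }} {{ item.1 }}"
  # skip regions where list-web-acls found no "<env>-ALB" web ACL
  when:
    - item.0.key in waf_arn
    - waf_arn[item.0.key] | length > 0
  register: waf_assoc

- name: Verify each ALB now reports the expected web ACL
  ansible.builtin.command:
    argv:
      - aws
      - wafv2
      - get-web-acl-for-resource
      - --resource-arn
      - "{{ item.1 }}"
      - --query
      - WebACL.ARN
      - --output
      - text
      - --profile
      - "{{ aws_profile_name }}"
      - --region
      - "{{ item.0.key }}"
  loop: "{{ alb_targets }}"
  loop_control:
    label: "{{ item.0.key }} {{ item.1 }}"
  when:
    - item.0.key in waf_arn
    - waf_arn[item.0.key] | length > 0
  register: waf_verify
  changed_when: false
  # command strips the trailing newline from stdout, so a plain comparison works
  failed_when: waf_verify.stdout != waf_arn[item.0.key]
```

If you would rather keep the shell for-loop, the minimal change is "for alb_arn in {{ alb_map_arns[item] | join(' ') }}; do", which emits bare space-separated ARNs; that works only because ARNs contain no whitespace, whereas the argv form removes the quoting problem for any value and gives one task result per ALB, which is easier to read with -vv.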