And the output of "Attach WAF to ALBs"?

Sent from Gmail Mobile

On Fri, 25 Aug 2023 at 06:52, Shivani Arora <[email protected]> wrote:

> Hey Dick,
>
> Thanks for responding.
>
> Please find the attached debug output as requested
>
> TASK [Display ALB ARNs] ************************************************************************************
> Thursday 24 August 2023 13:04:34 -0700 (0:00:00.338) 0:00:24.776 *******
> ok: [localhost] => {
>     "alb_map_arns": {
>         "eu-central-1": [
>             "arn:aws:elasticloadbalancing:eu-central-1:<profile>:loadbalancer/app/Web-QAtest/78c12741885fcfbb",
>             "arn:aws:elasticloadbalancing:eu-central-1:<profile>:loadbalancer/app/Service-QAtest/a22b43074f64f9d7",
>             "arn:aws:elasticloadbalancing:eu-central-1:<profile>:loadbalancer/app/ServiceInt-QAtest/2f7fff2fb7d354a7"
>         ],
>         "us-east-1": [
>             "arn:aws:elasticloadbalancing:us-east-1:<profile>:loadbalancer/app/Web-QAtest/c1fba8d4f0526447",
>             "arn:aws:elasticloadbalancing:us-east-1:<profile>:loadbalancer/app/Service-QAtest/1c8cde570dbc2c98",
>             "arn:aws:elasticloadbalancing:us-east-1:<profile>:loadbalancer/app/ServiceInt-QAtest/e8b1dcfb2f17b6e1"
>         ]
>     }
> }
>
> On Friday, August 25, 2023 at 3:06:14 AM UTC+5:30 Dick Visser wrote:
>
>> Hi
>>
>> You left out important information. For instance the output of the "Display ALB ARNs" debug task.
>> That is used in your shell command at " for alb_arn in {{ alb_map_arns[item] }}; do", so that is important.
>> Post that debug output.
>> Or, post the output of the "Attach WAF to ALBs" task with -vv.
>>
>> On Thu, 24 Aug 2023 at 21:45, Shivani Arora <[email protected]> wrote:
>>
>>> Hi Team,
>>>
>>> I'm trying the below code to attach region-specific WAF to region-specific ALBs. But the below code doesn't seem to be working for associating the WAF to ALBs. The last shell module is having issues, "$alb_arn" value is not getting interpreted and getting the error mentioned below.
>>>
>>> tasks:
>>>
>>>   - block:
>>>       - name: Get service alb info
>>>         community.aws.elb_application_lb_info:
>>>           profile: "{{ aws_profile_name }}"
>>>           region: "{{ region }}"
>>>           names:
>>>             - "Service-{{ ec2_tag_environment }}"
>>>             - "ServiceInt-{{ ec2_tag_environment }}"
>>>             - "Web-{{ ec2_tag_environment }}"
>>>         register: alb_info
>>>         loop: "{{ aws_cloud_regions }}"
>>>         loop_control:
>>>           loop_var: region
>>>
>>>       - debug:
>>>           var=alb_info
>>>
>>>       - name: Extract ALB ARNs
>>>         set_fact:
>>>           alb_arns: "{{ alb_arns | default([]) + item.load_balancers | map(attribute='load_balancer_arn') | list }}"
>>>         loop: "{{ alb_info.results }}"
>>>
>>>       - name: Extract ALB map ARNs
>>>         set_fact:
>>>           alb_map_arns: "{{ alb_map_arns | default({}) | combine({item.region: item.load_balancers | map(attribute='load_balancer_arn') | list}) }}"
>>>         loop: "{{ alb_info.results }}"
>>>
>>>       - name: Display ALB ARNs
>>>         debug:
>>>           var: alb_map_arns
>>>
>>>       - name: Get WAF WebACL ARN
>>>         shell: |
>>>           aws wafv2 list-web-acls --scope REGIONAL --profile "{{ aws_profile_name }}" --region "{{ region }}" --query 'WebACLs[?Name==`{{ ec2_tag_environment }}-ALB`].ARN' --output text
>>>         register: waf_acl
>>>         changed_when: false
>>>         loop: "{{ aws_cloud_regions }}"
>>>         loop_control:
>>>           loop_var: region
>>>
>>>       - debug:
>>>           var=waf_acl
>>>
>>>       - name: Print WebACL ARN
>>>         set_fact:
>>>           waf_arn: "{{ waf_arn | default({}) | combine({item.region: item.stdout}) }}"
>>>         loop: "{{ waf_acl.results }}"
>>>
>>>       - debug:
>>>           var=waf_arn
>>>
>>>       - name: Attach WAF to ALBs
>>>         shell: |
>>>           for alb_arn in {{ alb_map_arns[item] }}; do
>>>             aws wafv2 associate-web-acl \
>>>               --web-acl-arn "{{ waf_arn[item] }}" \
>>>               --resource-arn "$alb_arn" \
>>>               --profile "{{ aws_profile_name }}" \
>>>               --region "{{ item }}"
>>>           done
>>>         loop: "{{ waf_arn.keys() | list }}"
>>>         when: item in alb_map_arns
>>>
>>> below $alb_arn is not getting interpreted
>>>
>>> do\n aws wafv2 associate-web-acl --web-acl-arn \"arn:aws:wafv2:eu-central-1:<profile>:regional/webacl/QAtest-ALB/a6dda4d3-9973-4b88-bc49-a7cbad91a302\" --resource-arn \"$alb_arn\"
>>>
>>> error reason: The ARN isn't valid. A valid ARN begins with arn: and includes other information separated by colons or slashes., field: RESOURCE_ARN
>>> An error occurred (WAFNonexistentItemException) when calling the AssociateWebACL operation: AWS WAF couldn’t perform the operation because your resource doesn’t exist
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>>> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/72172b94-528b-4828-b586-836160a318a3n%40googlegroups.com.

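The loop header quoted in the thread (`for alb_arn in {{ alb_map_arns[item] }}; do`), reproduced as an added example that is not part of the original messages: it shows how the shell splits the text a directly templated list becomes, next to the same list passed through Ansible's `map('quote') | join(' ')` filters. The ARNs are constructed placeholders and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample ARNs (placeholder account id and load balancer ids).
ARN_A='arn:aws:elasticloadbalancing:eu-central-1:000000000000:loadbalancer/app/Web-Example/0000000000000001'
ARN_B='arn:aws:elasticloadbalancing:eu-central-1:000000000000:loadbalancer/app/Service-Example/0000000000000002'
ARN_C='arn:aws:elasticloadbalancing:eu-central-1:000000000000:loadbalancer/app/ServiceInt-Example/0000000000000003'

# Text that "{{ alb_map_arns[item] }}" puts into the script: the Python repr
# of the list, with brackets, single quotes and commas.
rendered_repr() { printf "['%s', '%s', '%s']" "$ARN_A" "$ARN_B" "$ARN_C"; }

# Text that "{{ alb_map_arns[item] | map('quote') | join(' ') }}" produces:
# shell-quoted words separated by spaces (these ARNs contain no characters
# that need quoting, so they come through unchanged).
rendered_joined() { printf '%s %s %s' "$ARN_A" "$ARN_B" "$ARN_C"; }

# Let the shell parse "for alb_arn in <rendered text>" as it would inside the
# task and print each value $alb_arn takes. eval only ever sees the
# constructed strings above.
loop_values() {
  eval "for alb_arn in $1; do printf '%s\n' \"\$alb_arn\"; done"
}

# Shape check matching the WAF error text: the value must begin with "arn:"
# and carry no leftover list punctuation.
is_clean_arn() {
  case "$1" in
    *"["*|*"]"*|*","*) return 1 ;;
    arn:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Count the loop values that would pass as a resource ARN.
count_clean() {
  n=0
  for v in $(loop_values "$1"); do
    if is_clean_arn "$v"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# First value the loop variable takes for a given rendered text.
first_value() { loop_values "$1" | head -n 1; }

echo "repr form:   $(count_clean "$(rendered_repr)") usable, first value: $(first_value "$(rendered_repr)")"
echo "joined form: $(count_clean "$(rendered_joined)") usable, first value: $(first_value "$(rendered_joined)")"
```

The `quote` filter also keeps a value containing shell metacharacters from being interpreted as script text, which matters whenever facts gathered from an API are templated into a `shell` task.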