AWS Netwotk FWs Rule Groups

toufiqkorai · May 11, 2024, 2:50am

I am having issues with below code when creating rule groups and attaching to policy:

updating NetworkFirewall Firewall Policy (arn:aws:network-firewall:ap-southeast-2:1234567890:firewall-policy/Domains): InvalidRequestException: ResourceArn has invalid rule order, parameter: [arn:aws:network-firewall:ap-southeast-2:1234567890:stateful-rulegroup/SurecataTF], context: StatefulRuleGroupReferences[0].ResourceArn
│
│ with aws_networkfirewall_firewall_policy.Latest,
│ on NFW.tf line 84, in resource “aws_networkfirewall_firewall_policy” “Latest”:
│ 84: resource “aws_networkfirewall_firewall_policy” “Latest” {

Below is my code :

resource “aws_networkfirewall_rule_group” “WhitelistDomains” {
capacity = 100
name = “SurecataTF”
type = “STATEFUL”
rules = file(“NFW-Whitelist-Domains.txt”)
tags = {
Tag1 = “Value1”
Tag2 = “Value2”
}
}

acwwat · May 14, 2024, 5:29am

You will need to show the full configuration since the error is from aws_networkfirewall_firewall_policy.Latest. But I am guessing that you might not have specified priority in the stateful_rule_group_reference block, or it’s set to an invalid value.