![]() name: workload-to-shared-services regions: # - name: domain-list-group # - name: workload-to-shared-services # priority: 1 # - name: explicit-deny # priority: 100 shareTargets: StatelessDefaultActions: statelessFragmentDefaultActions: statefulDefaultActions: statefulEngineOptions: 'STRICT_ORDER ' statefulRuleGroups: name: domain-list-group # - name: workload-to-shared-services # - name: explicit-deny shareTargets: StatelessDefaultActions: statelessFragmentDefaultActions: # statefulDefaultActions: # statefulEngineOptions: 'STRICT_ORDER' statefulRuleGroups: destination: cloud-watch-logs type: FLOW policies: Network-Inspection-Firewall-B vpc: Network-Inspection loggingConfiguration: name: core-network-firewall region: *HOME_REGION firewallPolicy: accelerator-policy subnets: I attached the CodeBuild log with the error that states: Failed resources:ģ61 | AWSAccelerator-NetworkPrepStack-031334266292-us-gov-west-1 | 5:37:28 PM | UPDATE_FAILED | AWS::NetworkFirewall::RuleGroup | WorkloadToSharedServicesNetworkFirewallRuleGroup (WorkloadToSharedServicesNetworkFirewallRuleGroupF03E5CD4) Resource handler returned message: "parameter is invalid, parameter: (Service: NetworkFirewall, Status Code: 400, Request ID: 1d8b0d67-1b01-4663-bac3-b373e62d8cd0)" (RequestToken: 2f770aa3-8692-250b-4a12-0b7914ae6901, HandlerErrorCode: InvalidRequest)ģ62 | new NetworkFirewallRuleGroup | _ NetworkPrepStack.createNfwRuleGroup | _ NetworkPrepStack.createCentralNetworkResources | _ new NetworkPrepStack | _ main | _ processTicksAndRejections (internal/process/task_queues.js:95:5)ĭelegatedAdminAccount: Network networkFirewall: In the end, I want to create a stateful firewall rule and add it to the firewall-policy policy. I apologize for not putting the whole thing out. I shortened the code for the sake of putting it on here, and realized that I may have cut out too much. I guess I should add that in my original code, I had several rules. I changed the code to the snippet above to get past the error, but now it fails at the Network_Prepare stage of Deploy. ![]() I'm sure that I have the correct code because it failed earlier in the Build stage when, I believe, the solution goes through code verification. Were there any errors in the CloudWatch Logs? NoĪttached is the CodeBuild error log.Have you checked your service quotas for the sevices this solution uses? N/A.If the answer to the previous question was yes, are the changes available on GitHub? N/A.Was the solution modified from the version published on this repository? No.Please complete the following information about the solution: keyword: sid settings: statefulRuleOptions: "STRICT_ORDER "Ĭreate a stateful firewall rule group with rule option strict order with no error. *HOME_REGION capacity: 100 type: STATEFUL ruleGroup:ĭestination: 10.0.0.0/24 destinationPort: '80 ' direction: FORWARD protocol: TCP source: 10.50.0.0/20 sourcePort: Any ruleOptions:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |