问题
I am able to successfully update the WAF ip address rule set from lambda if the rule sets are Global (Cloudfront).
but if i create a rule set specific to region to be able to use it with APP ELB, the get-ip-set or list-ip-set api's are not retrieving the IP set specific to a region and hence I am not able to update these rule sets directly from lambda.
Is there any additional param that needs to be passed to be able to retrieve these rule sets that are region specific
回答1:
You need to be using the correct regional endpoint. The WAF endpoint that works with CloudFront is essentially a different system than each of the regional endpoints that work with ALB -- and those are all independent of each other.
Apparently it's also an entirely different initial command, aws waf-regional rather than aws waf (your initial question, with dashes shown in get-ip-set implies AWS-CLI syntax).
See also http://docs.aws.amazon.com/general/latest/gr/rande.html#waf_region
来源:https://stackoverflow.com/questions/41068378/aws-waf-update-ip-sets-and-rules-specific-to-a-region-from-lambda