I am trying to understand this awesome documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-orstatementone.html
Which tells me to just write it this way:
```yaml
Statements:
  - StatementTwo
```
What I want to do: I want to make sure that the IP is in either one of two to three different IPSets I have created. I want to avoid creating multiple rules, since from what I understand, every rule costs $1 each month. The only reason I want to have multiple IP sets is to make it clear why each IP was added to each set (Homeoffice, Regular office, Consultant etc.).
I have tried some variations of this:
```yaml
Rules:
  - Name: WafIpRule
    Priority: 1
    Action:
      Allow: {}
    VisibilityConfig:
      SampledRequestsEnabled: false
      CloudWatchMetricsEnabled: true
      MetricName: !Sub web${Environment}AllowWhitelistedIps
    Statement:
      Statements:
        - IPSetReferenceStatement:
            Arn: !GetAtt IpStuff1.Arn
        - IPSetReferenceStatement:
            Arn: !GetAtt IpStuff2.Arn
```
Is this even possible? If yes, how? Or should I just go and merge the IpSets / do separate rules?
I seem to be able to do this via the console so it seems like it should be possible...
A bit embarrassing since this was so close to what I was trying but a little bit of rubber ducking goes a long way.
I am not sure if AWS actually counts this as 2 (or more) rules but they do count the WCUs used (so I assume it will).
I will leave this here for future Google-fu's
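An added example, not part of the original posts: a single allow rule that matches either IP set by nesting the `IPSetReferenceStatement` entries under `OrStatement`, the property the linked documentation page describes, instead of placing `Statements` directly under `Statement` as in the question's attempt. `IpStuff1`, `IpStuff2`, `WafIpRule` and `Environment` come from the question; the `WebAcl` resource name, the scope, the default action, the ACL metric name and the CIDR ranges are assumptions chosen for illustration.

```yaml
Parameters:
  Environment:
    Type: String
Resources:
  IpStuff1:
    Type: AWS::WAFv2::IPSet
    Properties:
      Description: Home office addresses   # constructed sample
      Scope: REGIONAL                       # assumption
      IPAddressVersion: IPV4
      Addresses:
        - 192.0.2.0/24                      # documentation range, constructed
  IpStuff2:
    Type: AWS::WAFv2::IPSet
    Properties:
      Description: Regular office addresses # constructed sample
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 198.51.100.0/24                   # documentation range, constructed
  WebAcl:                                   # hypothetical resource name
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: REGIONAL
      DefaultAction:
        Block: {}                           # assumption: allow-list only
      VisibilityConfig:
        SampledRequestsEnabled: false
        CloudWatchMetricsEnabled: true
        MetricName: !Sub web${Environment}Acl
      Rules:
        - Name: WafIpRule
          Priority: 1
          Action:
            Allow: {}
          VisibilityConfig:
            SampledRequestsEnabled: false
            CloudWatchMetricsEnabled: true
            MetricName: !Sub web${Environment}AllowWhitelistedIps
          Statement:
            OrStatement:                    # one rule, matches if any nested statement matches
              Statements:                   # OrStatement needs at least two entries
                - IPSetReferenceStatement:
                    Arn: !GetAtt IpStuff1.Arn
                - IPSetReferenceStatement:
                    Arn: !GetAtt IpStuff2.Arn
```

A third IP set is added as one more `IPSetReferenceStatement` entry in the same `Statements` list.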