Merge pull request #189 from vrk-kpa/REKDAT-117_fix-waf-ip-list-parsing

REKDAT-117: Fix string list parsing in ShieldStack
vrk-kpa · Apr 24, 2024 · ac41485 · ac41485
2 parents 422f9ff + dbe0473
commit ac41485
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/cdk/lib/shield-stack.ts b/cdk/lib/shield-stack.ts
@@ -22,25 +22,28 @@ export class ShieldStack extends Stack {
       resourceArn: props.loadBalancer.loadBalancerArn
     })
 
-    const banned_ips = aws_ssm.StringListParameter.fromStringListParameterName(this, 'bannedIpsList',
-      `/${props.environment}/waf/banned_ips`);
-
-    const whitelisted_ips = aws_ssm.StringListParameter.fromStringListParameterName(this, 'whitelistedIpsList',
-      `/${props.environment}/waf/whitelisted_ips`);
-
+    const banned_ips = new CfnParameter(this, 'bannedIpsList', {
+      type: 'AWS::SSM::Parameter::Value<List<String>>',
+      default: `/${props.environment}/waf/banned_ips`
+    })
 
     const cfnBannedIPSet = new aws_wafv2.CfnIPSet(this, 'BannedIPSet', {
       name: 'banned-ips',
       scope: 'REGIONAL',
       ipAddressVersion: "IPV4",
-      addresses: banned_ips.stringListValue
+      addresses: banned_ips.valueAsList
+    })
+
+    const whitelisted_ips = new CfnParameter(this, 'whitelistedIpsList', {
+      type: 'AWS::SSM::Parameter::Value<List<String>>',
+      default: `/${props.environment}/waf/whitelisted_ips`
     })
 
     const cfnWhiteListedIpSet = new aws_wafv2.CfnIPSet(this, 'WhitelistedIPSet', {
       name: 'whitelisted-ips',
       scope: 'REGIONAL',
       ipAddressVersion: "IPV4",
-      addresses: whitelisted_ips.stringListValue
+      addresses: whitelisted_ips.valueAsList
     })