fixing serverless file

Enterprise-CMCS · Jan 22, 2024 · 2d709f8 · 2d709f8
1 parent 86ec676
commit 2d709f8
Showing 1 changed file with 40 additions and 37 deletions.
diff --git a/services/ui/serverless.yml b/services/ui/serverless.yml
@@ -39,45 +39,48 @@ custom:
     name: ${self:service}-${self:custom.stage}-webacl
     rules:
       - enable: ${param:restrictToVpn}
-        Name: vpn-only
-        Priority: 0
-        Action:
-          Allow: {}
-        VisibilityConfig:
-          SampledRequestsEnabled: true
-          CloudWatchMetricsEnabled: true
-          MetricName: ${self:service}-${self:custom.stage}-webacl-vpn-only
-        Statement:
-          IPSetReferenceStatement:
-            ARN: ${self:custom.vpnIpSetArn}
-      - enable: ${param:restrictToVpn}
-        Name: vpn-only
-        Priority: 1
-        Action:
-          Allow: {}
-        VisibilityConfig:
-          SampledRequestsEnabled: true
-          CloudWatchMetricsEnabled: true
-          MetricName: ${self:service}-${self:custom.stage}-tmp-gh-runner
-        Statement:
-          IPSetReferenceStatement:
-            ARN: !GetAtt GitHubIPSet.Arn
+        rule:
+          Name: vpn-only
+          Priority: 0
+          Action:
+            Allow: {}
+          VisibilityConfig:
+            SampledRequestsEnabled: true
+            CloudWatchMetricsEnabled: true
+            MetricName: ${self:service}-${self:custom.stage}-webacl-vpn-only
+          Statement:
+            IPSetReferenceStatement:
+              ARN: ${self:custom.vpnIpSetArn}
       - enable: ${param:restrictToVpn}
-        Name: block-all-other-traffic
-        Priority: 3
-        Action:
-          Block:
-            CustomResponse:
-              ResponseCode: 403
-        VisibilityConfig:
-          SampledRequestsEnabled: true
-          CloudWatchMetricsEnabled: true
-          MetricName: ${self:service}-${self:custom.stage}-block-traffic
+        rule:
+          Name: github-only
+          Priority: 1
+          Action:
+            Allow: {}
+          VisibilityConfig:
+            SampledRequestsEnabled: true
+            CloudWatchMetricsEnabled: true
+            MetricName: ${self:service}-${self:custom.stage}-tmp-gh-runner
           Statement:
-            NotStatement:
-              Statement:
-                IPSetReferenceStatement:
-                  ARN: ${self:custom.vpnIpSetArn}
+            IPSetReferenceStatement:
+              ARN: !GetAtt GitHubIPSet.Arn
+      - enable: ${param:restrictToVpn}
+        rule:
+          Name: block-all-other-traffic
+          Priority: 3
+          Action:
+            Block:
+              CustomResponse:
+                ResponseCode: 403
+          VisibilityConfig:
+            SampledRequestsEnabled: true
+            CloudWatchMetricsEnabled: true
+            MetricName: ${self:service}-${self:custom.stage}-block-traffic
+            Statement:
+              NotStatement:
+                Statement:
+                  IPSetReferenceStatement:
+                    ARN: ${self:custom.vpnIpSetArn}
   firehoseStreamName: aws-waf-logs-${self:service}-${self:custom.stage}-firehose
   scripts:
     hooks: