Hello everyone! I'm running a Crowdsec installation for 3 services supposedly fine (I get IP bans in the correct scenarios) until I received an error in one of the bouncer logs stating that it couldn't create more new AWS WAF IPSets. I realized I had 100 existing IPSets and that was a current limit that I'd need to increase.
I have 3 EC2 instances. Each instance runs a different service via docker-compose stack. And in each stack there's a crowdsec and crowdsec-awf-waf-bouncer service running.
All three services share the same AWS WAF ACL (crowdsec-<ENV_NAME>) and each service writes a new Group Rule. Here's the example configuration for the bouncer of the service "myservice":
From https://docs.crowdsec.net/u/bouncers/aws_waf/ for the ipset_prefix parameter it states: "All ipsets are deleted on shutdown." And I noticed this is not happening. Every time the docker-compose stack is restarted new IPSets are created and the old ones remain.
I have RTFM and STFW without results. I have no suspicious information from the logs of crowdsec and crowdsec-awf-waf-bouncer that I can use.
I have tried setting the IAM AdministratorAccess policy on the EC2's IAM role in case it was lacking IAM permissions but it seems not to be the case.
Has anyone detected this issue before? What could I be doing wrong?
Thanks in advance for reading.
Versions
Crowdsec: crowdsecurity/crowdsec:v1.6.2
Bouncer: crowdsecurity/aws-waf-bouncer:v0.1.7