Hi, I tried to include one more rule (AWSManagedRulesKnownBadInputsRuleSet) in my CF template . It resulted in multiple errors and I resolved them but I couldn't resolve one last error. Kindly help.

CODE USED:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyIPSetdenyb:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSetb
      Description: IP Set to deny access to specific IP addresses
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 192.0.2.44/32
  MyIPSetAllowb:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSetAllowb
      Description: IP Set to deny access to 
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses:
        - 10.0.0.0/32
  MyIPSetRule:
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: MyIPSetRuleb
      Description: Rule to use IPSet for denial
      Scope: REGIONAL
      Capacity: 1500
      Rules:
        - Action:
            Block: {}
          Name: MyIPSetDenyb
          Priority: 0
          Statement:
            IPSetReferenceStatement:
             Arn: !GetAtt MyIPSetdenyb.Arn 
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf-deny
        - Action:
            Allow: {}
          Name: MyIPSetAllowb
          Priority: 1
          Statement:
            IPSetReferenceStatement:
             Arn: !GetAtt MyIPSetAllowb.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf-allow
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: waf-metric
        SampledRequestsEnabled: true

  WebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      DefaultAction:
        Allow: {}
      Name: waf-acl
      Rules:
        - Name: managed-rule
          OverrideAction:
            None: {}
          Priority: 0
          Statement:
            ManagedRuleGroupStatement:
              Name: AWSManagedRulesCommonRuleSet
              VendorName: AWS
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedRulesCommonRuleSet
            SampledRequestsEnabled: true
            
            
        - Name: BadInputRuleSet
          OverrideAction:
            None: {}
          Priority: 1
          Statement:
            ManagedRuleGroupStatement:
              Name: AWS-AWSManagedRulesKnownBadInputsRuleSet
              VendorName: AWS
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: AWS-AWSManagedRulesKnownBadInputsRuleSet
            SampledRequestsEnabled: true
            
            
        - Name: custom-rule-group
          OverrideAction:
            None: {}
          Priority: 2
          Statement:
            RuleGroupReferenceStatement:
                Arn: !GetAtt MyIPSetRule.Arn
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: custom-rule-group
            SampledRequestsEnabled: true
      Scope: REGIONAL
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: waf-acl
        SampledRequestsEnabled: true
        
        

ERROR MESSAGE: Resource handler returned message: "AWS WAF couldn?t perform the operation because your resource doesn?t exist. (Service: Wafv2, Status Code: 400, Request ID: 8162f1d4-bc7a-431f-8739-304c4412a632)" (RequestToken: 6e199fdd-fa4e-38fa-8052-452dc4a1ca03, HandlerErrorCode: NotFound)