Hi, I wanted to create a cloudformation template in yaml for ip deny Rule but I end up with an error which I couldn't resolve. The code used and the error message is given below. Kindly help.

Question

```
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyIPSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: MyIPSet
      Description: IP Set to deny access to specific IP addresses
      Scope: REGIONAL 
      IPAddressVersion: IPV4
      Addresses:
        - "192.0.2.44/32"

MyIPSetRule:
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: MyIPSetRule
      Description: Rule to use IPSet for denial
      Scope: REGIONAL 
      Capacity: 1
      "Rules": [
    {
        "Name": "IPSetDeny",
        "Priority": 0,
        "Statement": {
            "IPSetReferenceStatement": {
                "ARN": {
                    "Fn::GetAtt": [
                        "MyIPSet",
                        "Arn"
                    ]
                }
            }
        },
        "Action": {
            "Block": {}
        },
        "VisibilityConfig": {
            "SampledRequestsEnabled": true,
            "CloudWatchMetricsEnabled": true,
            "MetricName": "aws-waf-logs-dev-inf1"
        }
    }

]
```
ERROR MESSAGE:
Resource handler returned message: "Model validation failed (#: required key [VisibilityConfig] not found)"

Accepted Answer

Your template does not have "VisibilityConfig" in the rule group.  
This is why the error is thought to be occurring.  
So I think the following template will work.  
The content has been changed from JSON to YAML, but it is the same.  
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-visibilityconfig
```
AWSTemplateFormatVersion: '2010-09-09' 
Resources: 
  MyIPSet: 
    Type: AWS::WAFv2::IPSet 
    Properties: 
      Name: MyIPSet 
      Description: IP Set to deny access to specific IP addresses 
      Scope: REGIONAL 
      IPAddressVersion: IPV4 
      Addresses: 
        - "192.0.2.44/32"

MyIPSetRule: 
    Type: AWS::WAFv2::RuleGroup 
    Properties: 
      Name: MyIPSetRule 
      Description: Rule to use IPSet for denial 
      Scope: REGIONAL 
      Capacity: 1 
      Rules: 
        - Action: 
            Block: {}
          Name: IPSetDeny
          Priority: 0
          Statement: 
            IPSetReferenceStatement: 
              Arn: !GetAtt MyIPSet.Arn
          VisibilityConfig: 
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-waf-logs-dev-inf1
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: waf-metric
        SampledRequestsEnabled: true
```

Hi, I wanted to create a cloudformation template in yaml for ip deny Rule but I end up with an error which I couldn't resolve. The code used and the error message is given below. Kindly help.

Relevant content