
[Bug]: Suricata Rule Comments Not Supported in Networkfirewall Rule in v5.82.2 AWS Provider Version #40856

Open
hoazgazh opened this issue Jan 10, 2025 · 2 comments
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. service/networkfirewall Issues and PRs that pertain to the networkfirewall service. waiting-response Maintainers are waiting on response from community or contributor.

Comments

@hoazgazh

Terraform Core Version

v1.10.4

AWS Provider Version

v5.82.2

Affected Resource(s)

  1. Create a Suricata rule file (rules.suricata) with the following content:
# This is a test rule
alert http any any -> any any (msg:"Test Rule"; sid:1; rev:1;)
  2. Reference this rule file in your Terraform configuration:
resource "aws_networkfirewall_rule_group" "example" {
  name        = "example-rule-group"
  capacity    = 100
  type        = "STATEFUL"
  description = "Example rule group"

  rule_group {
    rules_source {
      rules_file = file("${path.module}/rules.suricata")
    }
  }
}

Expected Behavior

Terraform should accept the Suricata rule file even if it contains comments. Comments are part of the Suricata specification and should be ignored during rule parsing.

Actual Behavior

Terraform throws an error when the rule file contains comments, indicating that the rules are invalid. This behavior did not occur in earlier versions of the AWS provider.

│ Error: creating NetworkFirewall Rule Group (outbound-rules-group1): operation error Network Firewall: CreateRuleGroup, https response error StatusCode: 400, RequestID: f603063c-d78e-48f4-b8c7-c5021a3f6f6f, InvalidRequestException: stateful rule is invalid, rule: # This is a test rule, reason: Illegal rule syntax: # This is a test rule

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Below is a sample configuration file to reproduce the issue:

resource "aws_networkfirewall_rule_group" "example" {
  name        = "example-rule-group"
  capacity    = 100
  type        = "STATEFUL"
  description = "Example rule group"

  rule_group {
    rules_source {
      rules_file = file("${path.module}/rules.suricata")
    }
  }
}

rules.suricata file:

# This is a test rule
alert http any any -> any any (msg:"Test Rule"; sid:1; rev:1;)

Steps to Reproduce

Create a Suricata rule file (rules.suricata) with the following content:

# This is a test rule
alert http any any -> any any (msg:"Test Rule"; sid:1; rev:1;)

Reference this rule file in your Terraform configuration as shown above.

Run terraform plan or terraform apply.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

#26517

Would you like to implement a fix?

None

@hoazgazh hoazgazh added the bug Addresses a defect in current functionality. label Jan 10, 2025
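The error quoted in the report shows the Network Firewall API rejecting the literal comment line, so a defensive workaround is to filter the file on the Terraform side before the rules text reaches the API. The configuration below is an added example, not the reporter's configuration or code from the provider: it reads the same rules.suricata file, drops blank lines and lines whose first non-whitespace character is `#` (Suricata comments and rules disabled by commenting them out), and feeds the result to the `rules_string` argument of `rules_source` instead of passing the raw file. It assumes Terraform 1.3 or later for `startswith` and 1.2 or later for `precondition`; the file name and resource names are carried over from the report.

```terraform
# Added example (not from the issue or the provider). Strip Suricata comment
# and blank lines before the rule text is sent to the Network Firewall API,
# which the error in the report shows rejecting a "# ..." line as a rule.
locals {
  suricata_raw = file("${path.module}/rules.suricata")

  # trimspace() also removes a trailing "\r", so CRLF files are handled.
  # A line is kept only if it is non-empty and does not start with "#".
  suricata_rules = [
    for line in split("\n", local.suricata_raw) :
    trimspace(line)
    if trimspace(line) != "" && !startswith(trimspace(line), "#")
  ]
}

resource "aws_networkfirewall_rule_group" "example" {
  name        = "example-rule-group"
  capacity    = 100
  type        = "STATEFUL"
  description = "Example rule group"

  rule_group {
    rules_source {
      # One rule per line, comments already removed.
      rules_string = join("\n", local.suricata_rules)
    }
  }

  lifecycle {
    # Fail at plan time with a readable message instead of a 400 from the API
    # if the file contained nothing but comments and blank lines.
    precondition {
      condition     = length(local.suricata_rules) > 0
      error_message = "rules.suricata contains no rules after removing comments and blank lines."
    }
  }
}
```

Only whole comment lines are removed; a `#` inside a rule's quoted `msg` text is left untouched because the filter looks at the start of the trimmed line, not at its contents. Multi-line rules that use backslash continuation are not joined by this expression and would still need to be written on one line.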

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/networkfirewall Issues and PRs that pertain to the networkfirewall service. needs-triage Waiting for first response or review from a maintainer. labels Jan 10, 2025
@justinretzolk
Member

Hey @hoazgazh 👋 Thank you for taking the time to raise this! You mentioned this didn't occur in prior versions of the AWS Provider -- do you happen to know what the last version of the provider was where the error was not encountered? It looks like the last change to this resource happened quite some time ago (January of 2024), and the error appears to be coming from the AWS API, rather than from any validations on the Terraform side. Those details make me wonder if something else might be amiss here, so if you're able to provide debug logging (redacted as needed), that may help whoever picks this issue up for further investigation.

@justinretzolk justinretzolk added the waiting-response Maintainers are waiting on response from community or contributor. label Jan 14, 2025