mention stop timeout for aws-waf-bouncer in docker (#659)

crowdsecurity · Nov 3, 2024 · a7db8dd · a7db8dd
1 parent f20bbaa
commit a7db8dd
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/crowdsec-docs/unversioned/bouncers/aws-waf.mdx b/crowdsec-docs/unversioned/bouncers/aws-waf.mdx
@@ -71,9 +71,20 @@ sudo yum install crowdsec-aws-waf-bouncer
 ### Docker
 
 ```shell
-docker run -v $(PWD)/config.yaml:/cs-aws-waf-bouncer.yaml crowdsecurity/aws-waf-bouncer
+docker run -e BOUNCER_CONFIG_FILE=/cs-aws-waf-bouncer.yaml -v $(PWD)/config.yaml:/cs-aws-waf-bouncer.yaml crowdsecurity/aws-waf-bouncer
 ```
 
+:::info
+
+The remediation component can take some time to delete all created resources on shutdown.
+
+The default docker timeout of 10s before sending a `SIGKILL` to the process might not always been enough.
+
+You can increase it by specifying `--stop-timeout` in your `run` command or by setting `stop_grace_period` when using compose.
+
+:::
+
+
 ## Configuration Reference
 
 You will need to edit `/etc/crowdsec/bouncers/crowdsec-aws-waf-bouncer.yaml` to configure the ACLs you want the component to use.