terraform-aws-arc-waf¶
Overview¶
SourceFuse AWS Reference Architecture (ARC) Terraform module for managing WAF.
Usage¶
To see a full example, check out the main.tf file in the example folder.
Requirements¶
Name | Version |
---|---|
terraform | >= 1.3, < 2.0.0 |
aws | >= 4.0 |
Providers¶
Name | Version |
---|---|
aws | 5.8.0 |
Modules¶
No modules.
Resources¶
Name | Type |
---|---|
aws_wafv2_ip_set.this | resource |
aws_wafv2_web_acl.this | resource |
aws_wafv2_web_acl_association.this | resource |
Inputs¶
Name | Description | Type | Default | Required |
---|---|---|---|---|
association_resource_arns | The Amazon Resource Name (ARN) of the resource to associate with the web ACL. This must be an ARN of an Application Load Balancer, an Amazon API Gateway stage, or an Amazon Cognito User Pool. |
list(string) |
[] |
no |
create_web_acl | A Boolean indicates whether to create WAF Web ACL or not | bool |
true |
no |
ip_set | Configuration for WAFv2 IP Set. * name: A friendly name of the IP set. * description: A friendly description of the IP set. Default is "Terraform managed IP Set configuration." * scope: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. Default is "REGIONAL." * ip_address_version: Specify IPV4 or IPV6. Valid values are IPV4 or IPV6. Default is "IPV4." * addresses: Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. |
list(object({ |
[] |
no |
tags | A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. | map(string) |
{} |
no |
web_acl_custom_response_body | Defines custom response bodies that can be referenced by custom_response actions | any |
[] |
no |
web_acl_default_action | Action to perform if none of the rules contained in the WebACL match. Options are allow or block |
string |
n/a | yes |
web_acl_description | Description of the WebACL | string |
"Terraform managed Web ACL Configuration" |
no |
web_acl_name | Name of the WAFv2 Web ACL | string |
n/a | yes |
web_acl_rules | Rule blocks used to identify the web requests that you want to allow, block, or count | any |
[] |
no |
web_acl_scope | Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL | string |
"REGIONAL" |
no |
web_acl_visibility_config | Defines and enables Amazon CloudWatch metrics and web request sample collection | object({ |
n/a | yes |
Outputs¶
Name | Description |
---|---|
arn | The ARN of the WAF WebACL. |
capacity | Web ACL capacity units (WCUs) currently being used by this web ACL. |
id | The ID of the WAF WebACL. |
ip_set_arn | The IP Set ARN |
tags_all | Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block. |
Git commits¶
while Contributing or doing git commit please specify the breaking change in your commit message whether its major,minor or patch
For Example
Development¶
Prerequisites¶
Configurations¶
- Configure pre-commit hooks
Tests¶
- Tests are available in
test
directory - Configure the dependencies
- Now execute the test
Authors¶
This project is authored by: - SourceFuse ARC Team