Creates a WAF Web ACL for use with CloudFront. Since this is a global resource, you can use any provider region.
```hcl
module "cloudfront_waf" {
  source = "dod-iac/cloudfront-waf/aws"

  name          = format("app-%s-%s", var.application, var.environment)
  metric_name   = format("app%s%s", title(var.application), title(var.environment))
  allowed_hosts = [var.fqdn]

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```
You can then add the WAF to a CloudFront Distribution with `web_acl_id = module.cloudfront_waf.web_acl_id`.
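A minimal distribution wired to the module's output, as an added example that is not part of the original README. The origin, the certificate variable and the `app-origin` ID are assumptions; `var.fqdn` is the same value passed to `allowed_hosts` above.

```hcl
# Added example (not from the module's README). var.origin_domain_name,
# var.acm_certificate_arn and the "app-origin" ID are assumed names.
resource "aws_cloudfront_distribution" "main" {
  enabled = true
  aliases = [var.fqdn] # same hostname passed to allowed_hosts

  # aws_waf_web_acl is WAF Classic, so the ID (not an ARN) is passed here.
  web_acl_id = module.cloudfront_waf.web_acl_id

  origin {
    origin_id   = "app-origin"
    domain_name = var.origin_domain_name

    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  default_cache_behavior {
    target_origin_id       = "app-origin"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  # For CloudFront the ACM certificate must be issued in us-east-1.
  viewer_certificate {
    acm_certificate_arn      = var.acm_certificate_arn
    ssl_support_method       = "sni-only"
    minimum_protocol_version = "TLSv1.2_2018"
  }
}
```

Keeping `aliases` and `allowed_hosts` on the same variable means the hostnames the distribution answers for and the Host header values the rule matches cannot drift apart.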
Terraform 0.12. Pin module version to `~> 1.0.0`. Submit pull-requests to master branch.
Terraform 0.11 is not supported.
This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.
Name | Version |
---|---|
terraform | >= 0.13 |
aws | ~> 3.0 |
Name | Version |
---|---|
aws | ~> 3.0 |
No Modules.
Name |
---|
aws_waf_byte_match_set |
aws_waf_rule |
aws_waf_web_acl |
Name | Description | Type | Default | Required |
---|---|---|---|---|
allowed_hosts | List of allowed values for the host header. | list(string) | n/a | yes |
aws_waf_byte_match_set_allowed_hosts_name | The name of the aws_waf_byte_match_set used by the rule used for filtering by host header. Defaults to "[name]-allowed-hosts". | string | "" | no |
aws_waf_rule_allowed_hosts_metric_name | The metric name of the rule used for filtering by host header. Defaults to "[metric_name]AllowedHosts". | string | "" | no |
aws_waf_rule_allowed_hosts_name | The name of the rule used for filtering by host header. Defaults to "[name]-allowed-hosts". | string | "" | no |
metric_name | The name or description for the Amazon CloudWatch metric of this web ACL. | string | n/a | yes |
name | The name or description of the web ACL. | string | n/a | yes |
tags | A mapping of tags to assign to the WAF Web ACL Resource and WAF Rules. | map(string) | {} | no |
Name | Description |
---|---|
web_acl_id | The ID of the WAF WebACL. |