
dod-iac/terraform-aws-cloudfront-waf


Usage

Creates a WAF Web ACL for use with CloudFront. Because a CloudFront Web ACL is a global resource, the module works with any provider region.

```hcl
module "cloudfront_waf" {
  source = "dod-iac/cloudfront-waf/aws"

  name = format("app-%s-%s", var.application, var.environment)

  metric_name = format("app%s%s", title(var.application), title(var.environment))

  allowed_hosts = [var.fqdn]

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

You can then attach the WAF to a CloudFront distribution by setting `web_acl_id = module.cloudfront_waf.web_acl_id` on the `aws_cloudfront_distribution` resource.
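The following is an added example, not code from this module's README: it wires the module into a complete `aws_cloudfront_distribution` so the Web ACL created here actually filters the distribution's traffic. The `origin_domain_name` and `acm_certificate_arn` variables are assumptions for illustration; the ACM certificate for a CloudFront alias must live in us-east-1. The distribution's `aliases` are kept equal to `allowed_hosts` so that only requests carrying the expected Host header reach the origin.

```hcl
# Added example, not the module's own code. The origin domain and ACM
# certificate ARN variables below are assumptions for illustration.
variable "application"         { type = string }
variable "environment"         { type = string }
variable "fqdn"                { type = string } # alias served by CloudFront
variable "origin_domain_name"  { type = string } # assumed origin endpoint
variable "acm_certificate_arn" { type = string } # assumed cert in us-east-1

module "cloudfront_waf" {
  source  = "dod-iac/cloudfront-waf/aws"
  version = "~> 1.0.0"
  name        = format("app-%s-%s", var.application, var.environment)
  metric_name = format("app%s%s", title(var.application), title(var.environment))
  # Only requests whose Host header matches the alias pass the Web ACL.
  allowed_hosts = [var.fqdn]
  tags = { Application = var.application, Environment = var.environment, Automation = "Terraform" }
}

resource "aws_cloudfront_distribution" "app" {
  enabled    = true
  aliases    = [var.fqdn]                       # keep in step with allowed_hosts
  web_acl_id = module.cloudfront_waf.web_acl_id # attach the module's Web ACL

  origin {
    domain_name = var.origin_domain_name
    origin_id   = "app-origin"
  }

  default_cache_behavior {
    target_origin_id       = "app-origin"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }

  viewer_certificate {
    acm_certificate_arn = var.acm_certificate_arn
    ssl_support_method  = "sni-only"
  }

  restrictions {
    geo_restriction { restriction_type = "none" }
  }
}
```

After `terraform apply`, requests sent to the distribution's default `*.cloudfront.net` hostname carry a Host header that is not in `allowed_hosts`, so the ACL blocks them while requests to `var.fqdn` pass; the CloudWatch metric named by `metric_name` shows the blocked counts.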

Terraform Version

Terraform 0.12. Pin the module version to `~> 1.0.0`. Submit pull requests to the `master` branch.

Terraform 0.11 is not supported.

License

This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See LICENSE file for more information.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 3.0 |

Modules

No Modules.

Resources

| Name |
|------|
| aws_waf_byte_match_set |
| aws_waf_rule |
| aws_waf_web_acl |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allowed_hosts | List of allowed values for the host header. | `list(string)` | n/a | yes |
| aws_waf_byte_match_set_allowed_hosts_name | The name of the `aws_waf_byte_match_set` used by the rule used for filtering by host header. Defaults to `"[name]-allowed-hosts"`. | `string` | `""` | no |
| aws_waf_rule_allowed_hosts_metric_name | The metric name of the rule used for filtering by host header. Defaults to `"[metric_name]AllowedHosts"`. | `string` | `""` | no |
| aws_waf_rule_allowed_hosts_name | The name of the rule used for filtering by host header. Defaults to `"[name]-allowed-hosts"`. | `string` | `""` | no |
| metric_name | The name or description for the Amazon CloudWatch metric of this web ACL. | `string` | n/a | yes |
| name | The name or description of the web ACL. | `string` | n/a | yes |
| tags | A mapping of tags to assign to the WAF Web ACL resource and WAF rules. | `map(string)` | `{}` | no |

Outputs

| Name | Description |
|------|-------------|
| web_acl_id | The ID of the WAF Web ACL. |