Skip to content
This repository has been archived by the owner. It is now read-only.

Quick start with Terraform example code

apopova edited this page Jun 1, 2022 · 2 revisions


Quick Start

  1. Download Terraform code example.
  2. Prepare Terraform environment and variables.
  3. Deploy described stack.
  4. Test Wallarm node operation.

Step 1: Downloading Terraform code example

Terraform code used in this example can be cloned from the open GitHub repository using the following command:

git clone -b stable/3.6 --single-branch

To clone the example code for the lower node version, please replace 3.6 with the relevant value in the branch name.

Configuration files are located in the terraform folder of the repository:

  • is used to define necessary Terraform variables which describe the managed environment
  • holds the Terraform code which performed the actual AWS provisioning

Step 2: Preparing Terraform environment and variables

  1. Set environment variables with credentials for the Wallarm user with the Deploy role:

    export TF_VAR_deploy_username='DEPLOY_USERNAME'
    export TF_VAR_deploy_password='DEPLOY_PASSWORD'
    • DEPLOY_USERNAME is the email of the user with the Deploy role
    • DEPLOY_PASSWORD is the password of the user with the Deploy role
  2. Set environment variables with your AWS access keys:

    • YOUR_ACCESS_KEY_ID is your access key ID
    • YOUR_SECRET_ACCESS_KEY is your secret access key
  3. (Optional) Specify your public SSH key in the key_pair variable in the file, if you plan to access the employed EC2 instances using SSH.

  4. (Optional) Specify the API endpoint in the wallarm_api_domain variable in the file, if you use the EU Cloud. If you use the US Cloud, please leave an existing value.

  5. (Optional) Set AWS region data in the variables listed below in the file. The provided example is configured for AWS region us-west-1 (North California).

    • aws_region (you can find the list of AWS regions here)
    • az_a
    • az_b
    • wallarm_node_ami_id with the used AWS EC2 Wallarm filtering node image ID got by the command below. Please replace REGION_CODE by aws-region value:
    aws ec2 describe-images --filters "Name=name,Values=*wallarm-node-3-6*" --region REGION_CODE | jq -r '.Images[] | "\(.ImageId)"'
    • wordpress_ami_id with the used AWS EC2 Wordpress image ID got by the command below. Please replace REGION_CODE by aws-region value:
    aws ec2 describe-images --filters "Name=name,Values=*bitnami-wordpress-5.3.2-3-linux-ubuntu-16.04*" --region REGION_CODE | jq -r '.Images[] | "\(.ImageId)"'

Step 3: Deploying described stack

  1. Go to the terraform folder of the cloned repository:

    cd terraform-example/terraform
  2. Deploy the whole stack using the following commands:

    terraform init
    terraform plan
    terraform apply

After a successful run, Terraform will print out a DNS name of the deployed NLB instance. For example:

Apply complete! Resources: 4 added, 2 changed, 4 destroyed.


waf_nlb_dns_name = [

The DNS name can be used to access the freshly installed Wordpress service with Wallarm cluster deployed in front of it.

Installed Wordpress service

Step 4: Testing Wallarm node operation

The Wallarm cluster is configured with a self-signed SSL certificate so it should be possible to access the same DNS name using HTTPS protocol but the browser will show a security warning.

You can simulate a web attack by adding /?id='or+1=1--a-<script>prompt(1)</script>' to the web request - the request should be blocked by Wallarm with response code 403:

403 error code after sending an attack

A few minutes after simulating a web attack it should be possible to see two blocked attacks - SQLI and XSS - in Wallarm Console → Events:

Sent attacks displayed in the Wallarm account

Wallarm node deployment settings are performed in the wallarm_launch_config object of the file. To change settings to your own, please use directive description available by the link.

To remove the demonstration environment, please use the terraform destroy command.


On the first run terraform apply command fails with message "Error: Provider produced inconsistent final plan". What to do?

Please try to run terraform apply one more time. This should solve the problem.

How to access the created Wallarm node instances?

You can get a remote access to the server using user admin and proper SSH private key.

It looks like a filtering node is not getting configured properly. How to debug the instance?

  1. Get a remote access to the server using user admin and proper SSH private key.

  2. Review cloud-init logs:

    • /var/log/cloud-init.log
    • /var/log/cloud-init-output.log
  3. Review running processes using the command ps -ef.

  4. Check the NGINX configuration for correctness using command nginx -t.

  5. Review NGINX error logs in the file /var/log/nginx/error.log.