Terraform module which creates Web Application Firewall (WAFV2).
Available features
- AWS Managed Rule Groups
- Statement
- IPSetReferenceStatement
- GeoMatchStatement
- ByteMatchStatement
- LabelMatchStatement
- RateBasedStatement
- SizeConstraintStatement
- Logical Statement (And, Or, Not)
- RegexPatternSetReferenceStatement
- Associating WAFv2 WebACL with AWS resources (API Gateway, ALB, AWS AppSync)
- Enabling Logging Configuration
- Create IP sets
- See Example Codes for full details.
| Name | Version |
|---|---|
| terraform | >= 1.0.8 |
| aws | >= 3.60.0 |
| Name | Version |
|---|---|
| aws | >= 3.60.0 |
| Name | Type |
|---|
| Name | Type |
|---|---|
| aws_wafv2_ip_set.this | resource |
| aws_wafv2_regex_pattern_set.this | resource |
| Name | Type |
|---|---|
| aws_wafv2_web_acl.this | resource |
| aws_wafv2_web_acl_association.this | resource |
| aws_wafv2_web_acl_logging_configuration.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| region | The Region of the AWS. | string |
ap-northeast-2 |
no |
| name | A friendly name of the WebACL. | string |
"" |
yes |
| description | A friendly description of the WebACL. | string |
null |
no |
| scope | Specifies whether this is for an AWS CloudFront distribution or for a regional application. | string |
"" |
yes |
| default_action | The action to perform when a web request doesn't match any of the rules in the WebACL. | string |
allow |
no |
| visibility_config | Defines and enables Amazon CloudWatch metrics and web request sample collection. | object({...}) |
{ |
no |
| rules | The processing guidance for a Rule, used by AWS WAF to determine whether a web request matches the rule. | any |
[] |
yes |
| tags | A tag associated with an AWS resource. | map(string) |
null |
no |
| enable_logging_configuration | Whether to enable logging configuration. | bool |
false |
no |
| log_destination_configs | The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL. | list |
[] |
no |
| redacted_fields | The parts of the request that you want to keep out of the logs. | object({...}) |
null |
no |
| logging_filter | Filtering that specifies which web requests are kept in the logs and which are dropped. | object({...}) |
null |
no |
| enable_webacl_association | Whether to associate ALB with WAFv2 WebACL. | bool |
false |
no |
| alb_resource_arn | The Amazon Resource Name (ARN) of the resource to associate with the web ACL. | list(string) |
[] |
no |
| Name | Description |
|---|
This module does not have any dependencies to other modules.
Module is maintained by Donggyu Woo
MIT Licensed. See LICENSE for full details.