vampire-yuta/terraform-aws-waf-webaclv2

terraform-aws-waf-webaclv2

Terraform module to configure WAF WebACL V2 for Application Load Balancer.

This module is initially configured to use CloudFormation, as Terraform doesn't support the WAFv2 API. Progress on this is tracked in hashicorp/terraform-provider-aws#11046.

This module will progress to version 1.0.0 once full support from Terraform is implemented and provided as part of terraform-aws-provider.

The module supports all AWS managed rules defined in https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html.

Terraform versions

Terraform 0.12. Pin module version to ~> v1.0. Submit pull-requests to master branch.

Usage

Please pin this module to an exact version.

module "waf" {
  source  = "umotif-public/waf-webaclv2/aws"
  version = "0.1.0"

  name_prefix = "test-waf-setup"
  alb_arn     = module.alb.arn

  enable_CommonRuleSet = true
  enable_PHPRuleSet    = true
}
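
The Usage block above enables two rule sets and leaves every other input at its default; per the Inputs table, `enable_DefaultActionAllow` and every `enable_OverrideActionCount*` input default to `true`. The following is an added example, not part of the module's own README, that sets those inputs explicitly. It assumes, from the input names only, that a `true` OverrideActionCount input keeps that rule group in WAFv2 Count mode (matches are counted, not blocked); the module name, prefix and tag values are constructed.

```hcl
# Added example. Input names come from the Inputs table; module.alb is assumed
# to exist as in the Usage block. Names and tag values are constructed.
module "waf_enforcing" {
  source  = "umotif-public/waf-webaclv2/aws"
  version = "0.1.0"

  name_prefix = "test-waf-enforcing"
  alb_arn     = module.alb.arn

  # Default action for requests that match no rule. true is the module default,
  # stated here so the choice is visible in review.
  enable_DefaultActionAllow = true

  # Managed rule groups attached to the WebACL.
  enable_CommonRuleSet         = true
  enable_KnownBadInputsRuleSet = true
  enable_SQLiRuleSet           = true

  # Assumption: false removes the Count override so the group's own actions
  # apply. Left at the default (true), the groups above would only count.
  enable_OverrideActionCountCommonRuleSet         = false
  enable_OverrideActionCountKnownBadInputsRuleSet = false

  # Kept in Count mode (the default) while its matches are reviewed for false
  # positives; switch to false once tuned.
  enable_OverrideActionCountSQLiRuleSet = true

  tags = {
    Environment = "test"
  }
}
```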

Assumptions

Module is to be used with Terraform > 0.12.

Examples

Authors

Module managed by Marcin Cuber (LinkedIn).

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| AdminProtectionRuleSetExcludedRules | n/a | string | "" | no |
| AmazonIpReputationListExcludedRules | n/a | string | "" | no |
| CommonRuleSetExcludedRules | n/a | string | "" | no |
| KnownBadInputsRuleSetExcludedRules | n/a | string | "" | no |
| LinuxRuleSetExcludedRules | n/a | string | "" | no |
| PHPRuleSetExcludedRules | n/a | string | "" | no |
| RulesAnonymousIpListExcludedRules | n/a | string | "" | no |
| SQLiRuleSetExcludedRules | n/a | string | "" | no |
| UnixRuleSetExcludedRules | n/a | string | "" | no |
| WindowsRuleSetExcludedRules | n/a | string | "" | no |
| WordPressRuleSetExcludedRules | n/a | string | "" | no |
| alb_arn | Application Load Balancer ARN | string | "" | no |
| enable_AdminProtectionRuleSet | n/a | bool | false | no |
| enable_AmazonIpReputationList | n/a | bool | false | no |
| enable_AnonymousIpList | n/a | bool | false | no |
| enable_CommonRuleSet | n/a | bool | false | no |
| enable_DefaultActionAllow | n/a | bool | true | no |
| enable_KnownBadInputsRuleSet | n/a | bool | false | no |
| enable_LinuxRuleSet | n/a | bool | false | no |
| enable_OverrideActionCountAdminProtectionRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountAmazonIpReputationList | n/a | bool | true | no |
| enable_OverrideActionCountAnonymousIpList | n/a | bool | true | no |
| enable_OverrideActionCountCommonRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountKnownBadInputsRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountLinuxRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountPHPRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountSQLiRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountUnixRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountWindowsRuleSet | n/a | bool | true | no |
| enable_OverrideActionCountWordPressRuleSet | n/a | bool | true | no |
| enable_PHPRuleSet | n/a | bool | false | no |
| enable_SQLiRuleSet | n/a | bool | false | no |
| enable_UnixRuleSet | n/a | bool | false | no |
| enable_WindowsRuleSet | n/a | bool | false | no |
| enable_WordPressRuleSet | n/a | bool | false | no |
| enabled | Whether to create the resources. Set to false to prevent the module from creating any resources | bool | true | no |
| name_prefix | Name prefix used to create resources. | string | n/a | yes |
| tags | A map of tags (key-value pairs) passed to resources. | map(string) | {} | no |

Outputs

No output.

License

See LICENSE for full details.

Pre-commit hooks

Install dependencies

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog
