|
@@ -3,13 +3,17 @@ locals {
|
|
|
fqdns = [for fqdn in local.fqdns_all : fqdn if substr(fqdn, 0, 1) != "*"]
|
|
|
}
|
|
|
|
|
|
+data "aws_vpc" "local_vpc" {
|
|
|
+ id = var.vpc_id
|
|
|
+}
|
|
|
+
|
|
|
module "waf" {
|
|
|
count = var.waf_enabled ? 1 : 0
|
|
|
|
|
|
source = "../../../submodules/wafv2"
|
|
|
|
|
|
# Custom to resource
|
|
|
- allowed_ips = var.allowed_ips
|
|
|
+ allowed_ips = concat(var.allowed_ips, [data.aws_vpc.local_vpc.cidr_block]) # Always allow the local vpc access for health checks
|
|
|
additional_blocked_ips = var.additional_blocked_ips
|
|
|
admin_ips = var.admin_ips #concat(var.zscalar_ips, var.admin_ips)
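Review bot: On the new `allowed_ips` line, appending `data.aws_vpc.local_vpc.cidr_block` allow-lists the whole VPC rather than the health-check sources, so every workload in that VPC, including a compromised one, gets whatever treatment the wafv2 submodule gives allow-listed addresses; the submodule is not visible here, so confirm whether its allow rule is evaluated ahead of the block and managed rules. If only the health checkers need this, pass their subnet CIDRs instead, for example through a dedicated input such as `health_check_cidrs` (a proposed name, not an existing variable). `cidr_block` is also only the primary IPv4 range, so a VPC with secondary CIDR associations would be covered only in part. The data source is read even when `var.waf_enabled` is false, so `var.vpc_id` has to resolve in that configuration too. The `module "waf"` block continues past the end of the hunk.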
|
|
|
|