locals {
  blacklisted_ips = [
    {
      "value" = "172.16.0.0/16"
      type    = "IPV4"
    },
    {
      "value" = "192.168.0.0/16"
      type    = "IPV4"
    },
    {
      "value" = "169.254.0.0/16"
      type    = "IPV4"
    },
    {
      "value" = "127.0.0.1/32"
      type    = "IPV4"
    },
  ]

# 73.10.53.113/32 Rick Page Home
# 99.151.37.185/32 Wesley Leonard Home
# 104.9.149.90/32 Greg Rivas Home
# 100.4.76.3/32 Brandon Naughton Home
# 170.248.173.247/32 AFS site
# 170.248.173.245/32 AFS site
# 70.120.41.230/32 Will Ledesma Home
  admin_remote_ipset = [
    {
      "value" = "73.10.53.113/32"
      type    = "IPV4"
    },
    {
      "value" = "99.151.37.185/32"
      type    = "IPV4"
    },
    {
      "value" = "104.9.149.90/32"
      type    = "IPV4"
    },
    {
      "value" = "100.4.76.3/32"
      type    = "IPV4"
    },
    {
      "value" = "170.248.173.247/32"
      type    = "IPV4"
    },
    {
      "value" = "170.248.173.245/32"
      type    = "IPV4"
    },
    {
      "value" = "70.120.41.230/32"
      type    = "IPV4"
    },
  ]
  waf_prefix = "portal"
}

module "regional_waf" {
  source             = "../../submodules/waf_owasp_top10"
  waf_prefix         = local.waf_prefix
  blacklisted_ips    = local.blacklisted_ips
  admin_remote_ipset = local.admin_remote_ipset
}

resource "aws_wafregional_web_acl_association" "portal_alb_waf" {
  resource_arn = aws_alb.portal.arn
  web_acl_id   = module.regional_waf.web_acl_id
}