module "waf" {
  source = "../../../submodules/wafv2"

  # Custom to resource
  allowed_ips = [ ] # bypasses filters, so should not be needed/used unless warranted
  additional_blocked_ips = [ ] # NOTE: There is a standard list in the submodule
  resource_arn = aws_lb.searchhead-alb.arn
  fqdns = keys(module.public_dns_record_cust-elb.forward) # first entry in list will be the WAF name

  # These are passed through and should be the same for module
  tags = merge(var.standard_tags, var.tags)
  aws_partition = var.aws_partition
  aws_region = var.aws_region
  aws_account_id = var.aws_account_id
}