module "waf" {
  source = "../../submodules/wafv2"

  # Custom to resource
  allowed_ips = [ ] # bypasses filters, so should not be needed/used unless warranted. We previously did var.admin_remote_ipset, but that seems like a bad idea
  additional_blocked_ips = [ ] # NOTE: There is a standard list in the submodule
  resource_arn = aws_alb.portal.arn
  fqdns = keys(module.public_dns_record.forward) # first entry in list will be the WAF name

  # These are passed through and should be the same for module
  tags = merge(var.standard_tags, var.tags)
  aws_partition = var.aws_partition
  aws_region = var.aws_region
  aws_account_id = var.aws_account_id
}