locals {
  # Every hostname this load balancer answers for: the forward records created by
  # the public DNS module plus the caller-supplied SANs and extra FQDNs.
  fqdns_all = concat(
    module.public_dns_record.forward,
    var.subject_alternative_names,
    var.fqdns,
  )

  # Same list with wildcard entries ("*.example.test") removed, so only literal
  # hostnames are handed to the WAF module. Empty strings are kept, as before.
  fqdns = [
    for hostname in local.fqdns_all :
    hostname if !(substr(hostname, 0, 1) == "*")
  ]
}

# Web ACL in front of the external load balancer. When var.waf_enabled is false
# the module is not instantiated and aws_lb.external runs with no WAF attached.
module "waf" {
  count  = var.waf_enabled ? 1 : 0
  source = "../../../submodules/wafv2"

  # Account / region context, passed through unchanged so every module agrees.
  aws_partition  = var.aws_partition
  aws_region     = var.aws_region
  aws_account_id = var.aws_account_id

  # What the ACL protects and which hostnames it is scoped to (wildcards stripped above).
  resource_arn = aws_lb.external.arn
  fqdns        = local.fqdns

  # IP allow/deny inputs specific to this deployment.
  allowed_ips            = var.allowed_ips
  additional_blocked_ips = var.additional_blocked_ips
  # NOTE(review): an earlier form of this line was concat(var.zscalar_ips, var.admin_ips).
  # Only var.admin_ips is passed now, so any Zscaler egress ranges must already be
  # included in that variable by the caller if they are expected to have admin access.
  admin_ips = var.admin_ips

  # Per-rule exclusions from the AWS managed rule groups, passed straight through.
  # Each exclusion removes one managed check from the request path, so keep these
  # lists as short as the application actually needs.
  excluded_rules_AWSManagedRulesCommonRuleSet         = var.excluded_rules_AWSManagedRulesCommonRuleSet
  excluded_rules_AWSManagedRulesAmazonIpReputationList = var.excluded_rules_AWSManagedRulesAmazonIpReputationList
  excluded_rules_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_rules_AWSManagedRulesKnownBadInputsRuleSet
  excluded_rules_AWSManagedRulesSQLiRuleSet            = var.excluded_rules_AWSManagedRulesSQLiRuleSet
  excluded_rules_AWSManagedRulesLinuxRuleSet           = var.excluded_rules_AWSManagedRulesLinuxRuleSet
  excluded_rules_AWSManagedRulesUnixRuleSet            = var.excluded_rules_AWSManagedRulesUnixRuleSet

  # Whole-rule-set exclusions, likewise passed straight through.
  excluded_set_AWSManagedRulesCommonRuleSet         = var.excluded_set_AWSManagedRulesCommonRuleSet
  excluded_set_AWSManagedRulesAmazonIpReputationList = var.excluded_set_AWSManagedRulesAmazonIpReputationList
  excluded_set_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_set_AWSManagedRulesKnownBadInputsRuleSet
  excluded_set_AWSManagedRulesSQLiRuleSet            = var.excluded_set_AWSManagedRulesSQLiRuleSet
  excluded_set_AWSManagedRulesLinuxRuleSet           = var.excluded_set_AWSManagedRulesLinuxRuleSet
  excluded_set_AWSManagedRulesUnixRuleSet            = var.excluded_set_AWSManagedRulesUnixRuleSet

  # Block-vs-count behaviour is decided by the caller; the shape of this value is
  # defined by the wafv2 submodule, not here.
  block_settings = var.block_settings

  # Caller tags plus a Name that ties the ACL to this load balancer and environment;
  # the generated Name wins over any Name in var.tags.
  tags = merge(var.tags, {
    Name = "${var.name}-lb-external-${var.environment}"
  })
}