Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
AFS
/
xdr-terraform-modules
2
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: 02134ac6d9
Салаанууд Тагууд
xdr-terraform-m...
/
submodules
/
load_balancer
/
static_nlb_to_alb
/
waf.tf

waf.tf 2.3 KB
Түүх Анхны өгөгдөл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. locals {
    2. 

  2.   fqdns_all = concat(module.public_dns_record.forward, var.subject_alternative_names, var.fqdns)
    3. 

  3.   fqdns     = [for fqdn in local.fqdns_all : fqdn if substr(fqdn, 0, 1) != "*"]
    4. 

  4. }
    5. 

  5. 

  6. data "aws_vpc" "local_vpc" {
    7. 

  7.   id = var.vpc_id
    8. 

  8. }
    9. 

  9. 

  10. module "waf" {
    11. 

  11.   count = var.waf_enabled ? 1 : 0
    12. 

  12. 

  13.   source = "../../../submodules/wafv2"
    14. 

  14. 

  15.   # Custom to resource
    16. 

  16.   allowed_ips            = concat(var.allowed_ips, [data.aws_vpc.local_vpc.cidr_block]) # Always allow the local vpc access for health checks
    17. 

  17.   additional_blocked_ips = var.additional_blocked_ips
    18. 

  18.   admin_ips              = var.admin_ips #concat(var.zscalar_ips, var.admin_ips)
    19. 

  19. 

  20.   resource_arn = aws_lb.external.arn
    21. 

  21.   fqdns        = local.fqdns
    22. 

  22. 

  23.   # Passthrough Excluded Rules
    24. 

  24.   excluded_rules_AWSManagedRulesCommonRuleSet          = var.excluded_rules_AWSManagedRulesCommonRuleSet
    25. 

  25.   excluded_rules_AWSManagedRulesAmazonIpReputationList = var.excluded_rules_AWSManagedRulesAmazonIpReputationList
    26. 

  26.   excluded_rules_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_rules_AWSManagedRulesKnownBadInputsRuleSet
    27. 

  27.   excluded_rules_AWSManagedRulesSQLiRuleSet            = var.excluded_rules_AWSManagedRulesSQLiRuleSet
    28. 

  28.   excluded_rules_AWSManagedRulesLinuxRuleSet           = var.excluded_rules_AWSManagedRulesLinuxRuleSet
    29. 

  29.   excluded_rules_AWSManagedRulesUnixRuleSet            = var.excluded_rules_AWSManagedRulesUnixRuleSet
    30. 

  30. 

  31.   # Passthrough Excluded Rule Sets
    32. 

  32.   excluded_set_AWSManagedRulesCommonRuleSet          = var.excluded_set_AWSManagedRulesCommonRuleSet
    33. 

  33.   excluded_set_AWSManagedRulesAmazonIpReputationList = var.excluded_set_AWSManagedRulesAmazonIpReputationList
    34. 

  34.   excluded_set_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_set_AWSManagedRulesKnownBadInputsRuleSet
    35. 

  35.   excluded_set_AWSManagedRulesSQLiRuleSet            = var.excluded_set_AWSManagedRulesSQLiRuleSet
    36. 

  36.   excluded_set_AWSManagedRulesLinuxRuleSet           = var.excluded_set_AWSManagedRulesLinuxRuleSet
    37. 

  37.   excluded_set_AWSManagedRulesUnixRuleSet            = var.excluded_set_AWSManagedRulesUnixRuleSet
    38. 

  38. 

  39. 

  40.   block_settings = var.block_settings
    41. 

  41. 

  42.   # These are passed through and should be the same for module
    43. 

  43.   aws_partition  = var.aws_partition
    44. 

  44.   aws_region     = var.aws_region
    45. 

  45.   aws_account_id = var.aws_account_id
    46. 

  46.   tags           = merge(var.tags, { Name = "${var.name}-lb-external-${var.environment}" })
    47. 

  47. }
    48.