Home Verkennen Help
Registreren Inloggen
AFS
/
xdr-terraform-modules
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 7d2c211dbf
Aftakkingen Labels
xdr-terraform-m...
/
base
/
jira
/
instance_jira
/
waf.tf

waf.tf 2.0 KB
Geschiedenis Ruwe

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. module "waf" {
    2. 

  2.   source = "../../../submodules/wafv2"
    3. 

  3. 

  4.   # Custom to resource
    5. 

  5.   allowed_ips = [ ] # bypasses filters, so should not be needed/used unless warranted
    6. 

  6.   additional_blocked_ips = [ ] # NOTE: There is a standard list in the submodule
    7. 

  7.   resource_arn = aws_alb.jira_server_external.arn
    8. 

  8.   fqdns = concat( # first entry in list will be the WAF name
    9. 

  9.     keys(module.public_dns_record.forward),
    10. 

  10.     # example, to add additional valid hostnames
    11. 

  11.     #    keys(module.public_dns_record_cust-auth-elb.forward),
    12. 

  12.   )
    13. 

  13. 

  14.   excluded_rules_AWSManagedRulesSQLiRuleSet = [
    15. 

  15.     "SQLi_QUERYARGUMENTS",
    16. 

  16.     "SQLi_BODY"
    17. 

  17.   ]
    18. 

  18. 

  19.   excluded_rules_AWSManagedRulesUnixRuleSet = [
    20. 

  20.     "UNIXShellCommandsVariables_BODY"
    21. 

  21.   ]
    22. 

  22. 

  23.   # These are passed through and should be the same for module
    24. 

  24.   tags = merge(var.standard_tags, var.tags)
    25. 

  25.   aws_partition = var.aws_partition
    26. 

  26.   aws_region = var.aws_region
    27. 

  27.   aws_account_id = var.aws_account_id
    28. 

  28. }
    29. 

  29. 

  30. # Example: If you want to attach the WAF to an additional ALB
    31. 

  31. #
    32. 

  32. # Share a WAF for both services, should be cheaper due to scale, but can be easily separated out
    33. 

  33. # using the commented section below, if the need arises.
    34. 

  34. 

  35. #resource "aws_wafv2_web_acl_association" "associate-auth-to-waf" {
    36. 

  36. #  resource_arn = aws_lb.searchhead-auth-alb.arn
    37. 

  37. #  web_acl_arn  = module.waf.web_acl_id
    38. 

  38. #}
    39. 

  39. 

  40. # Example: If you want a second WAF, that should be straightforward
    41. 

  41. #module "waf-auth" {
    42. 

  42. #  source = "../../../submodules/wafv2"
    43. 

  43. #
    44. 

  44. #  # Custom to resource
    45. 

  45. #  allowed_ips = [ ] # bypasses filters, so should not be needed/used unless warranted
    46. 

  46. #  additional_blocked_ips = [ ] # NOTE: There is a standard list in the submodule
    47. 

  47. #  resource_arn = aws_lb.searchhead-auth-alb.arn
    48. 

  48. #  fqdns = keys(module.public_dns_record_cust-auth-elb.forward) # first entry in list will be the WAF name
    49. 

  49. #
    50. 

  50. #  # These are passed through and should be the same for module
    51. 

  51. #  tags = merge(var.standard_tags, var.tags)
    52. 

  52. #  aws_partition = var.aws_partition
    53. 

  53. #  aws_region = var.aws_region
    54. 

  54. #  aws_account_id = var.aws_account_id
    55. 

  55. #}
    56.