| 123456789101112131415 |
- module "waf" {
- source = "../../submodules/wafv2"
- # Custom to resource
- allowed_ips = [ ] # bypasses filters, so should not be needed/used unless warranted. We previously did var.admin_remote_ipset, but that seems like a bad idea
- additional_blocked_ips = [ ] # NOTE: There is a standard list in the submodule
- resource_arn = aws_alb.portal.arn
- fqdns = keys(module.public_dns_record.forward) # first entry in list will be the WAF name
- # These are passed through and should be the same for module
- tags = merge(var.standard_tags, var.tags)
- aws_partition = var.aws_partition
- aws_region = var.aws_region
- aws_account_id = var.aws_account_id
- }
|
