xdr-terraform-modules/submodules/load_balancer/static_nlb_to_alb/waf.tf

module "waf" {
  count = var.waf_enabled ? 1 : 0

  source = "../../../submodules/wafv2"

  # Custom to resource
  allowed_ips            = var.allowed_ips
  additional_blocked_ips = var.additional_blocked_ips
  admin_ips              = var.admin_ips #concat(var.zscalar_ips, var.admin_ips)

  resource_arn = aws_lb.external.arn
  fqdns        = concat(module.public_dns_record.forward, var.subject_alternative_names) # first entry in list will be the WAF name

  # Passthrough
  excluded_rules_AWSManagedRulesCommonRuleSet          = var.excluded_rules_AWSManagedRulesCommonRuleSet
  excluded_rules_AWSManagedRulesAmazonIpReputationList = var.excluded_rules_AWSManagedRulesAmazonIpReputationList
  excluded_rules_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_rules_AWSManagedRulesKnownBadInputsRuleSet
  excluded_rules_AWSManagedRulesSQLiRuleSet            = var.excluded_rules_AWSManagedRulesSQLiRuleSet
  excluded_rules_AWSManagedRulesLinuxRuleSet           = var.excluded_rules_AWSManagedRulesLinuxRuleSet
  excluded_rules_AWSManagedRulesUnixRuleSet            = var.excluded_rules_AWSManagedRulesUnixRuleSet

  # These are passed through and should be the same for module
  aws_partition  = var.aws_partition
  aws_region     = var.aws_region
  aws_account_id = var.aws_account_id
  tags           = merge(var.tags, { Name = "${var.name}-lb-external-${var.environment}" })
}