| 12345678910111213141516171819202122232425262728293031323334 |
- # This can be removed once WAFv2 is enabled in prod
- locals {
- blacklisted_ips = [
- {
- "value" = "172.16.0.0/16"
- type = "IPV4"
- },
- {
- "value" = "192.168.0.0/16"
- type = "IPV4"
- },
- {
- "value" = "169.254.0.0/16"
- type = "IPV4"
- },
- {
- "value" = "127.0.0.1/32"
- type = "IPV4"
- },
- ]
- waf_prefix = "portal"
- }
- module "regional_waf" {
- source = "../../submodules/waf_owasp_top10"
- waf_prefix = local.waf_prefix
- blacklisted_ips = local.blacklisted_ips
- admin_remote_ipset = var.admin_remote_ipset
- }
- resource "aws_wafregional_web_acl_association" "portal_alb_waf" {
- resource_arn = aws_alb.portal.arn
- web_acl_id = module.regional_waf.web_acl_id
- }
|
