Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
AFS
/
xdr-terraform-modules
2
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: e5ddc5c598
Gałęzie Tagi
xdr-terraform-m...
/
submodules
/
load_balancer
/
static_nlb_to_alb
/
waf.tf

waf.tf 2.1 KB
Historia Czysty

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. locals {
    2. 

  2.   fqdns_all = concat(module.public_dns_record.forward, var.subject_alternative_names, var.fqdns)
    3. 

  3.   fqdns     = [for fqdn in local.fqdns_all : fqdn if substr(fqdn, 0, 1) != "*"]
    4. 

  4. }
    5. 

  5. 

  6. module "waf" {
    7. 

  7.   count = var.waf_enabled ? 1 : 0
    8. 

  8. 

  9.   source = "../../../submodules/wafv2"
    10. 

  10. 

  11.   # Custom to resource
    12. 

  12.   allowed_ips            = var.allowed_ips
    13. 

  13.   additional_blocked_ips = var.additional_blocked_ips
    14. 

  14.   admin_ips              = var.admin_ips #concat(var.zscalar_ips, var.admin_ips)
    15. 

  15. 

  16.   resource_arn = aws_lb.external.arn
    17. 

  17.   fqdns        = local.fqdns
    18. 

  18. 

  19.   # Passthrough Excluded Rules
    20. 

  20.   excluded_rules_AWSManagedRulesCommonRuleSet          = var.excluded_rules_AWSManagedRulesCommonRuleSet
    21. 

  21.   excluded_rules_AWSManagedRulesAmazonIpReputationList = var.excluded_rules_AWSManagedRulesAmazonIpReputationList
    22. 

  22.   excluded_rules_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_rules_AWSManagedRulesKnownBadInputsRuleSet
    23. 

  23.   excluded_rules_AWSManagedRulesSQLiRuleSet            = var.excluded_rules_AWSManagedRulesSQLiRuleSet
    24. 

  24.   excluded_rules_AWSManagedRulesLinuxRuleSet           = var.excluded_rules_AWSManagedRulesLinuxRuleSet
    25. 

  25.   excluded_rules_AWSManagedRulesUnixRuleSet            = var.excluded_rules_AWSManagedRulesUnixRuleSet
    26. 

  26. 

  27.   # Passthrough Excluded Rule Sets
    28. 

  28.   excluded_set_AWSManagedRulesCommonRuleSet          = var.excluded_set_AWSManagedRulesCommonRuleSet
    29. 

  29.   excluded_set_AWSManagedRulesAmazonIpReputationList = var.excluded_set_AWSManagedRulesAmazonIpReputationList
    30. 

  30.   excluded_set_AWSManagedRulesKnownBadInputsRuleSet  = var.excluded_set_AWSManagedRulesKnownBadInputsRuleSet
    31. 

  31.   excluded_set_AWSManagedRulesSQLiRuleSet            = var.excluded_set_AWSManagedRulesSQLiRuleSet
    32. 

  32.   excluded_set_AWSManagedRulesLinuxRuleSet           = var.excluded_set_AWSManagedRulesLinuxRuleSet
    33. 

  33.   excluded_set_AWSManagedRulesUnixRuleSet            = var.excluded_set_AWSManagedRulesUnixRuleSet
    34. 

  34. 

  35. 

  36.   block_settings = var.block_settings
    37. 

  37. 

  38.   # These are passed through and should be the same for module
    39. 

  39.   aws_partition  = var.aws_partition
    40. 

  40.   aws_region     = var.aws_region
    41. 

  41.   aws_account_id = var.aws_account_id
    42. 

  42.   tags           = merge(var.tags, { Name = "${var.name}-lb-external-${var.environment}" })
    43. 

  43. }
    44.