forked from cloudposse/terraform-aws-firewall-manager
waf_v2.tf
# One label instance per WAFv2 policy. The policy's map key is passed as a
# label attribute, and the resulting id is used as the FMS policy name in
# aws_fms_policy.waf_v2.
module "waf_v2_label" {
  source  = "cloudposse/label/null"
  version = "0.25.0" # exact version pin of the registry module

  for_each = local.waf_v2_policies

  context    = module.this.context
  attributes = [each.key]
}
# AWS Firewall Manager WAFv2 policy, one per entry in local.waf_v2_policies.
# Optional per-policy settings are read with lookup() and fall back to the
# default given on each line. policy_data.default_action is read directly, so
# a policy that omits it fails at plan time instead of getting a silent default.
resource "aws_fms_policy" "waf_v2" {
  for_each = local.waf_v2_policies

  name = module.waf_v2_label[each.key].id

  # Scope: resource types and tags the policy covers.
  resource_type         = lookup(each.value, "resource_type", null)
  resource_type_list    = lookup(each.value, "resource_type_list", null)
  resource_tags         = lookup(each.value, "resource_tags", null)
  exclude_resource_tags = lookup(each.value, "exclude_resource_tags", false)

  # Enforcement. remediation_enabled defaults to false here, which leaves
  # automatic remediation off: Firewall Manager does not apply the policy to
  # in-scope resources on its own. Each policy should set this deliberately.
  remediation_enabled = lookup(each.value, "remediation_enabled", false)

  # Defaults to true: deleting the policy also asks Firewall Manager to clean
  # up the resources it created for it.
  delete_all_policy_resources = lookup(each.value, "delete_all_policy_resources", true)

  # Account scoping. One block is generated per element of the list; with both
  # lists empty (the defaults) neither block is emitted.
  dynamic "include_map" {
    for_each = lookup(each.value, "include_account_ids", [])

    content {
      account = include_map.value
    }
  }

  dynamic "exclude_map" {
    for_each = lookup(each.value, "exclude_account_ids", [])

    content {
      account = exclude_map.value
    }
  }

  security_service_policy_data {
    type = "WAFV2"

    # Firewall Manager takes the WAFv2 settings as a JSON document; the
    # snake_case keys of policy_data are mapped to the camelCase keys below.
    managed_service_data = jsonencode({
      type                  = "WAFV2"
      preProcessRuleGroups  = lookup(each.value.policy_data, "pre_process_rule_groups", [])
      postProcessRuleGroups = lookup(each.value.policy_data, "post_process_rule_groups", [])

      # Required. upper() only normalises case (e.g. "block" -> "BLOCK");
      # the choice between allowing and blocking by default is the caller's.
      defaultAction = {
        type = upper(each.value.policy_data.default_action)
      }

      # false by default: existing web ACL associations on in-scope resources
      # are left in place rather than replaced by this policy's web ACL.
      overrideCustomerWebACLAssociation = lookup(each.value.policy_data, "override_customer_web_acl_association", false)

      # Falls back to local.logging_configuration, which is defined outside
      # this file. NOTE(review): if that local can be null, policies that omit
      # logging_configuration presumably get no WAF logging; confirm.
      loggingConfiguration = lookup(each.value.policy_data, "logging_configuration", local.logging_configuration)

      customRequestHandling = lookup(each.value.policy_data, "custom_request_handling", null)
      customResponse        = lookup(each.value.policy_data, "custom_response", null)

      # false by default: requests handled by the default action are not
      # sampled unless the policy opts in.
      sampledRequestsEnabledForDefaultActions = lookup(each.value.policy_data, "sampled_requests_enabled_for_default_actions", false)
    })
  }
}