waf

DNXLabs/waf/aws

Terraform Module HCL AWS

This Terraform module creates a global Web Application Firewall (WAF) Web ACL to be used with CloudFront.

Install
module "waf" {
  source  = "DNXLabs/waf/aws"
  version = "1.2.2"
}
README

terraform-aws-waf

This Terraform module creates two types of WAFv2 Web ACL rules:

- CLOUDFRONT is a global rule used in CloudFront distributions only
- REGIONAL rules can be used in ALB, API Gateway or AppSync GraphQL API

Below is a common list of Web ACL rules that can be used by this module and how to set them up, plus a link to the documentation with the full list of AWS WAF rules. Use the "Name" of the rule groups and take care with WCUs, because Web ACL rules can't exceed 1500 WCUs.

- byte_match_statement
- geo_match_statement
- ip_set_reference_statement
- managed_rule_group_statement
  - AWSManagedRulesCommonRuleSet
  - AWSManagedRulesAmaz

Inputs (22)
| Name | Type | Description | Default |
|---|---|---|---|
| scope | string | The scope of this Web ACL. Valid options: CLOUDFRONT, REGIONAL(ALB). | required |
| regex_pattern_set_reference_statement_rules | list(object({ name = | | required |
| logging_filter | list(object({ default_beh | | required |
| geo_match_statement_rules | list(object({ name | | required |
| rate_based_statement_rules | list(object({ name = | | required |
| size_constraint_statement_rules | list(object({ name | | required |
| sqli_match_statement_rules | list(object({ name = | | required |
| xss_match_statement_rules | list(object({ name = | | required |
| managed_rule_group_statement_rules | list(object({ name = | | required |
| ip_set_reference_statement_rules | list(object({ name = | | required |
| logging_redacted_fields | list(object({ all_query_a | | required |
| byte_match_statement_rules | list(object({ name = | | required |
| default_action | string | | "block" |
| waf_cloudfront_enable | bool | Enable WAF for Cloudfront distribution | false |
| global_rule | string | Cloudfront WAF Rule Name | "" |
| regional_rule | string | Regional WAF Rules for ALB and API Gateway | "" |
| logs_enable | bool | Enable logs | false |
| web_acl_id | string | Specify a web ACL ARN to be associated in CloudFront Distribution / # Optional W | null |
| logs_retension | number | Specifies the number of days you want to retain log events in the specified log | 90 |
| resource_arn | list(string) | ARN of the ALB to be associated with the WAFv2 ACL. | [] |
| waf_regional_enable | bool | Enable WAFv2 to ALB, API Gateway or AppSync GraphQL API | false |
| associate_waf | bool | Whether to associate an ALB with the WAFv2 ACL. | false |

Outputs (8)
web_acl_visibility_config_name_regional — The web ACL visibility config name
web_acl_visibility_config_name_cloudfront — The web ACL visibility config name
web_acl_id — The ID of the WAFv2 WebACL.
web_acl_name_cloudfront — The name of the WAFv2 WebACL.
web_acl_name_regional — The name of the WAFv2 WebACL.
web_acl_arn — The ARN of the WAFv2 WebACL.
web_acl_capacity_cloudfront — The web ACL capacity units (WCUs) currently being used by this web ACL.
web_acl_capacity_regional — The web ACL capacity units (WCUs) currently being used by this web ACL.
Resources (6)
aws_cloudwatch_log_group
aws_wafv2_ip_set
aws_wafv2_regex_pattern_set
aws_wafv2_web_acl
aws_wafv2_web_acl_association
aws_wafv2_web_acl_logging_configuration
Topics & Tags
waf
Details
Framework: Terraform Module
Language: HCL
Version: 1.2.2
Cloud: AWS
Stars: 4
Forks: 11
Total downloads: 6.0k
Inputs: 22
Outputs: 8
Resources: 6
License: Apache-2.0
Namespace: DNXLabs
Updated