waf

dwp/waf/aws

Terraform Module HCL AWS

A Terraform module to create an AWS Classic Regional WAF with consistent features

Install
```hcl
module "waf" {
  source  = "dwp/waf/aws"
  version = "0.0.10"
}
```
README

DO NOT USE THIS REPO - MIGRATED TO GITLAB

terraform-aws-waf

A Terraform module to create an AWS Classic Regional WAF with consistent features

Usage

In its simplest form, this module will create a WAF with all default rules enabled and a Kinesis Firehose delivery stream to write logs to S3 and CloudWatch.

```hcl
module waf {
  source        = "dwp/waf/aws"
  name          = "example"
  s3_log_bucket = "example-bucket"
  # 0.0.0.0/0 matches every IPv4 source address; list only the ranges you trust.
  whitelist_cidr_blocks = ["0.0.0.0/0"]
  # tags is declared as map(string), so an empty value is {} rather than [].
  tags = {}
}
```

All IPs not included in whitelist_cidr_blocks will be blocked by the WAF.

The geo-match rule defaults to Country: GB, and can be overridden or extended using the geo_match_constraints variable.

This WAF applies size constraints on incoming requests, which can be set with the max_size_constraints variable. The default values are (in bytes): | Componen

Inputs (10)
| Name | Type | Description | Default |
| --- | --- | --- | --- |
| whitelist_cidr_blocks | list(string) | List of CIDR blocks to be allowed through the WAF | required |
| tags | map(string) | tags to apply to aws resource | required |
| name | string | common name | required |
| s3_log_bucket | string | S3 Bucket to use for WAF logs | required |
| max_size_constraints | object({ body = nu | Constraints to apply on request size on a per component basis in bytes. | { "body": 8192, "cookie": 4092, "q |
| custom_rules | list(object({ rule_id = st | Specify additional rules to be added to the WAF | [] |
| default_action | string | The default action for this WAF. Allowed values are ALLOW, BLOCK and COUNT. | "BLOCK" |
| geo_match_constraints | list(object({ type = stri | Geo match conditions to ALLOW through the WAF | [ { "type": "Country", "value" |
| enabled_rules | object({ xss | Specify which default rules are enabled. By default all rules are enabled. | { "bad_auth_tokens": true, "enforce_ |
| s3_log_prefix | string | Prefix to use for S3 WAF logs | "waf" |

Outputs (1)
wafregional_web_acl_id — The ID of the regional Web ACL.
Resources (12)
- aws_iam_policy
- aws_iam_role
- aws_iam_role_policy_attachment
- aws_kinesis_firehose_delivery_stream
- aws_wafregional_byte_match_set
- aws_wafregional_geo_match_set
- aws_wafregional_ipset
- aws_wafregional_rule
- aws_wafregional_size_constraint_set
- aws_wafregional_sql_injection_match_set
- aws_wafregional_web_acl
- aws_wafregional_xss_match_set

Details
- Framework: Terraform Module
- Language: HCL
- Version: 0.0.10
- Cloud: AWS
- Stars: 0
- Forks: 3
- Total downloads: 9.3k
- Inputs: 10
- Outputs: 1
- Resources: 12
- License: ISC
- Namespace: dwp
Updated