
Terraform module to create a WAFv2 rule group which enables basic rules


Create a baseline security rule group for WAF


This Terraform module deploys the following resources:

  • WAFv2 Rule Group

Usage Instructions

Example

```hcl
module "wafv2_rule_group" {
  source = "github.com/terrablocks/aws-wafv2-baseline-rule-group.git?ref=" # Always use `ref` to pin the module to a specific version or commit hash

  name  = "baseline-waf-rule-group"
  scope = "REGIONAL"
}
```

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.8.0 |
| aws | >= 5.0.0 |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| block_cloudfront_default_domain | Block all incoming traffic whose Host header contains the default CloudFront domain. This rule prevents bad actors from bypassing the custom domain to which you have mapped the CloudFront domain. | `object({ enabled = bool, priority = optional(number), enable_cw_metrics = optional(bool) })` | `{ "enable_cw_metrics": true, "enabled": true, "priority": 1 }` | no |
| block_load_balancer_default_domain | Block all incoming traffic whose Host header contains the default load balancer domain. This rule prevents bad actors from bypassing the custom domain to which you have mapped the load balancer domain. | `object({ enabled = bool, priority = optional(number), enable_cw_metrics = optional(bool) })` | `{ "enable_cw_metrics": true, "enabled": true, "priority": 2 }` | no |
| block_sanctioned_countries | Block all incoming traffic from the countries sanctioned by the US. Country codes must use the ISO 3166-1 alpha-2 format. | `object({ enabled = bool, priority = optional(number), countries_code = optional(list(string)), enable_cw_metrics = optional(bool) })` | `{ "countries_code": ["CU", "IR", "KP", "RU", "SY"], "enable_cw_metrics": true, "enabled": true, "priority": 0 }` | no |
| description | Description for the rule group | `string` | `"Baseline security WAF rule group"` | no |
| enable_cw_metrics | Enable CloudWatch metrics for the rule group | `bool` | `true` | no |
| name | Name of the rule group | `string` | n/a | yes |
| scope | Scope of the rule group. Valid values are `REGIONAL` and `CLOUDFRONT` | `string` | n/a | yes |
| tags | Map of key-value pairs to associate with the rule group | `map(string)` | `null` | no |

Outputs

| Name | Description |
|---|---|
| arn | ARN of the WAF rule group |
| capacity | WCU (web ACL capacity units) required for the WAF rule group |
| id | ID of the WAF rule group |
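A fuller configuration, added here as an example and not part of the module's own README: it overrides one of the inputs above and wires the module's `arn` output into a regional web ACL with the standard `aws_wafv2_web_acl` resource. The `ref` value, the extra country code `"BY"` and all names are placeholders or illustrative choices, not values from the module.

```hcl
module "wafv2_rule_group" {
  # Placeholder ref: pin to a release tag or commit hash.
  source = "github.com/terrablocks/aws-wafv2-baseline-rule-group.git?ref=<TAG_OR_COMMIT>"

  name  = "baseline-waf-rule-group"
  scope = "REGIONAL"

  # Override one rule (others keep module defaults); codes are ISO 3166-1 alpha-2, "BY" is illustrative.
  block_sanctioned_countries = {
    enabled        = true
    priority       = 0
    countries_code = ["CU", "IR", "KP", "RU", "SY", "BY"]
  }
}

resource "aws_wafv2_web_acl" "baseline" {
  name  = "baseline-web-acl"
  scope = "REGIONAL" # must match the rule group's scope

  default_action {
    allow {}
  }
  rule {
    name     = "baseline-rule-group"
    priority = 0
    # none {} keeps the group's block actions; use count {} first to
    # observe matches in metrics and sampled requests before enforcing.
    override_action {
      none {}
    }

    statement {
      rule_group_reference_statement {
        arn = module.wafv2_rule_group.arn
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "baseline-rule-group"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "baseline-web-acl"
    sampled_requests_enabled   = true
  }
}
```

The web ACL still has to be associated with the load balancer or API, and the `capacity` output can be checked against the web ACL's WCU budget before adding further rule groups.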
