-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #145 from kloia/adjust-waf-ip-set-to-create-generi…
…c-groups adjust dynamic waf ip set creation
- Loading branch information
Showing
3 changed files
with
58 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,15 @@ | ||
| output "blacklist_ip_set_arn" { | ||
| value = aws_wafv2_ip_set.blacklist_ip_set.arn | ||
| description = "arn of blacklist ip set" | ||
| value = aws_wafv2_ip_set.blacklist_ip_set.arn | ||
| description = "arn of blacklist ip set" | ||
| } | ||
|
|
||
| output "whitelist_ip_set_arn" { | ||
| value = aws_wafv2_ip_set.whitelist_ip_set.arn | ||
| description = "arn of whitelist ip set" | ||
| } | ||
| value = aws_wafv2_ip_set.whitelist_ip_set.arn | ||
| description = "arn of whitelist ip set" | ||
| } | ||
|
|
||
| output "dynamic_waf_ip_set_arns" { | ||
| value = { for key, ip_set in aws_wafv2_ip_set.ip_addresses : key => ip_set.arn } | ||
| description = "Map of ARNs for dynamically created IP address groups" | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,43 +1,58 @@ | ||
| variable "ip_set_addresses" { | ||
| description = "IP addresses" | ||
| type = list(string) | ||
| default = [] | ||
| description = "IP addresses" | ||
| type = list(string) | ||
| default = [] | ||
| } | ||
|
|
||
| variable "ip_set_name" { | ||
| description = "IP Set Name" | ||
| default = "" | ||
| description = "IP Set Name" | ||
| default = "" | ||
| } | ||
|
|
||
| variable "ip_set_description" { | ||
| description = "Description of the IP set" | ||
| default = "" | ||
| description = "Description of the IP set" | ||
| default = "" | ||
|
|
||
| } | ||
|
|
||
| variable "whitelist_scope" { | ||
| description = "" | ||
| default = "REGIONAL" | ||
| default = "REGIONAL" | ||
| } | ||
|
|
||
| variable "blacklist_ip_addresses" { | ||
| description = "Blacklist IP addresses" | ||
| type = list(string) | ||
| default = [] | ||
| description = "Blacklist IP addresses" | ||
| type = list(string) | ||
| default = [] | ||
| } | ||
|
|
||
| variable "blacklist_ip_set_name" { | ||
| description = "IP Set Name" | ||
| default = "" | ||
| description = "IP Set Name" | ||
| default = "" | ||
| } | ||
|
|
||
| variable "blacklist_ip_set_description" { | ||
| description = "Description of the IP set" | ||
| default = "" | ||
| description = "Description of the IP set" | ||
| default = "" | ||
|
|
||
| } | ||
|
|
||
| variable "blacklist_scope" { | ||
| description = "" | ||
| default = "REGIONAL" | ||
| } | ||
| default = "REGIONAL" | ||
| } | ||
|
|
||
|
|
||
|
|
||
|
|
||
| variable "ip_address_groups" { | ||
| description = "Map of IP address groups for creating multiple AWS WAFv2 IP Sets" | ||
| type = map(object({ | ||
| ip_address_version = string | ||
| whitelist_scope = string | ||
| ip_set_description = string | ||
| ip_set_name = string | ||
| ip_set_addresses = list(string) | ||
| })) | ||
| default = {} | ||
| } |