forked from aws-ss/terraform-aws-wafv2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
95 lines (79 loc) · 3.52 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
variable "name" {
description = "(Required) Friendly name of the WebACL."
type = string
}
variable "description" {
description = "(Optional) Friendly description of the WebACL."
type = string
default = null
}
variable "scope" {
description = "(Required) Specifies whether this is for an AWS CloudFront distribution or for a regional application"
type = string
}
variable "default_action" {
description = "(Required) Action to perform if none of the rules contained in the WebACL match."
type = string
}
variable "visibility_config" {
description = "(Required) Defines and enables Amazon CloudWatch metrics and web request sample collection."
type = map(string)
}
variable "custom_response_body" {
description = "(Optional) Defines custom response bodies that can be referenced by custom_response actions."
type = map(any)
default = {}
}
variable "captcha_config" {
description = "(Optional) The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300."
type = number
default = 300
}
variable "challenge_config" {
description = "(Optional) The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300."
type = number
default = 300
}
variable "token_domains" {
description = "(Optional) Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains."
type = list(string)
default = []
}
variable "rule" {
description = "(Optional) Rule blocks used to identify the web requests that you want to allow, block, or count."
type = any
}
variable "tags" {
description = "(Optional) Map of key-value pairs to associate with the resource."
type = map(string)
default = null
}
variable "enabled_web_acl_association" {
description = "(Optional) Whether to create ALB association with WebACL."
type = bool
default = true
}
variable "resource_arn" {
description = " (Required) The Amazon Resource Name (ARN) of the resource to associate with the web ACL."
type = list(string)
}
variable "enabled_logging_configuration" {
description = "(Optional) Whether to create logging configuration."
type = bool
default = false
}
variable "log_destination_configs" {
type = string
description = "(Required) The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL."
default = null
}
variable "redacted_fields" {
type = map(any)
description = "(Optional) The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported."
default = null
}
variable "logging_filter" {
type = any
description = "(Optional) A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation."
default = null
}