waf.tf
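# Source IPv4 addresses allowed to reach the non-production RIDI Pay frontend.
# The web ACL in this file blocks everything else, so adding an address here
# is the only way to grant access; keep each entry a /32 unless a wider range
# is genuinely required.
locals {
  ridi_pay_frontend_allowed_cidrs = [
    "218.232.41.2/32",
    "218.232.41.3/32",
    "218.232.41.4/32",
    "218.232.41.5/32",
    "222.231.4.164/32",
    "222.231.4.165/32",
  ]
}

# IP allowlist for the RIDI Pay frontend (AWS WAF Classic, global scope).
# Created only when is_prod is false — presumably because production must
# stay publicly reachable rather than restricted to this list; confirm with
# the owners before changing the condition.
# NOTE(review): aws_waf_* resources are WAF Classic; AWS steers new work to
# WAFv2 (aws_wafv2_* resources). Migrating changes resource types and
# addresses, so it is a separate change rather than a drop-in edit here.
resource "aws_waf_ipset" "ridi_pay_frontend" {
  count = module.global_variables.is_prod ? 0 : 1

  name = "RidiPayIPSet"

  # One descriptor per allowed CIDR; the list lives in locals so that adding
  # or revoking an address is a one-line, reviewable change.
  dynamic "ip_set_descriptors" {
    for_each = local.ridi_pay_frontend_allowed_cidrs
    content {
      type  = "IPV4"
      value = ip_set_descriptors.value
    }
  }
}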
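# Rule that matches requests whose source IP is in the RidiPayIPSet allowlist.
# Only created outside production, mirroring the IP set it references.
resource "aws_waf_rule" "ridi_pay_frontend" {
  count = module.global_variables.is_prod ? 0 : 1

  name        = "RidiPayWAFRule"
  metric_name = "RidiPayWAFRule"

  # negated = false: the predicate matches when the source IP IS in the set;
  # the web ACL turns that match into ALLOW. Referencing the IP set's id
  # already orders creation after it, so an explicit depends_on is redundant.
  predicates {
    data_id = aws_waf_ipset.ridi_pay_frontend[0].id
    negated = false
    type    = "IPMatch"
  }
}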
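# Web ACL enforcing the allowlist: deny by default, ALLOW only requests that
# match the IP-match rule. Only created outside production.
# This resource alone filters nothing: a WAF Classic (global) web ACL takes
# effect once attached to a CloudFront distribution via its web_acl_id. That
# association is not visible in this file — confirm it exists, otherwise the
# non-production frontend is not actually restricted.
resource "aws_waf_web_acl" "ridi_pay_frontend" {
  count = module.global_variables.is_prod ? 0 : 1

  name        = "RidiPayWebACL"
  metric_name = "RidiPayWebACL"

  # Deny-by-default: anything not explicitly allowed below is blocked.
  default_action {
    type = "BLOCK"
  }

  # Single allow rule. rule_id already creates the dependency on the rule
  # (and, through it, on the IP set), so depends_on is not required.
  rules {
    action {
      type = "ALLOW"
    }

    priority = 1
    rule_id  = aws_waf_rule.ridi_pay_frontend[0].id
    type     = "REGULAR"
  }
}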