In November 2019, AWS released a new version of the WAF API, WAFv2, which offers improved functionality over the previous WAF API ("WAF Classic") such as Managed Rules and WAF Capacity Units. This new API requires separate Terraform resource implementations from the previous resource implementations.
```hcl
resource "aws_wafv2_rule_group" "example" {
  capacity    = 1
  description = ""
  name        = ""
  scope       = ""
  tags        = {}

  rule {
    action {
      # The below shows the current API structure, which means there may be intention to include
      # additional settings with each action type in the future
      # Purposefully empty configuration blocks are awkward in Terraform configurations and the Plugin SDK though,
      # so we may want to shy away from the pure API schema mapping here if they cause any trouble
      allow {}
      block {}
      count {}
    }
    name = ""
    override_action {
      count {}
      none {}
    }
    priority = 1

    # these are not fully shown and appear to be recursive in some cases
    statement {
      and_statement {
        statement {}
        statement {}
      }
      byte_match_statement {
        field_to_match {
          all_query_arguments {}
          body {}
          method {}
          query_string {}
          single_header {
            name = ""
          }
          single_query_argument {
            name = ""
          }
          uri_path {}
        }
        positional_constraint = ""
        search_string         = ""
        text_transformation {
          priority = 1
          type     = ""
        }
      }
      geo_match_statement {
        country_codes = []
      }
      ip_set_reference_statement {
        arn = ""
      }
      managed_rule_group_statement {
        excluded_rule {
          name = ""
        }
        name        = ""
        vendor_name = ""
      }
      not_statement {
        statement {}
      }
      or_statement {
        statement {}
        statement {}
      }
      rate_based_statement {
        aggregate_key_type   = ""
        limit                = 100
        scope_down_statement {}
      }
      regex_pattern_set_reference_statement {
        arn                 = ""
        field_to_match {}      # see above
        text_transformation {} # see above
      }
      rule_group_reference_statement {
        arn = ""
        excluded_rule {
          name = ""
        }
      }
      size_constraint_statement {
        comparison_operator = ""
        field_to_match {}      # see above
        size                = 1
        text_transformation {} # see above
      }
      sqli_match_statement {
        field_to_match {}      # see above
        text_transformation {} # see above
      }
      xss_match_statement {
        field_to_match {}      # see above
        text_transformation {} # see above
      }
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = ""
    sampled_requests_enabled   = true
  }
}
```
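The schema sketched above carried through as one concrete rule group, as an added example that is not code from the proposal or from the provider: a rate-based rule whose nested `scope_down_statement` limits counting to requests for `/login`. The resource label, names, the `capacity` value and the per-rule `visibility_config` block are assumptions, and the released resource's shape may differ from the sketch.

```hcl
resource "aws_wafv2_rule_group" "login_protection" {
  name     = "login-protection"   # assumed name
  scope    = "REGIONAL"           # REGIONAL for ALB/API Gateway, CLOUDFRONT for distributions
  capacity = 10                   # WCUs; assumed to be enough for the single rule below

  # Block a source IP that sends more than 1000 requests to /login within
  # the rate-based rule's 5-minute window; requests to other paths are not counted.
  rule {
    name     = "block-login-bursts"
    priority = 1
    action {
      block {}
    }
    statement {
      rate_based_statement {
        limit              = 1000
        aggregate_key_type = "IP"

        # Nested statement: only requests matching it count toward the limit.
        scope_down_statement {
          byte_match_statement {
            positional_constraint = "STARTS_WITH"
            search_string         = "/login"
            field_to_match {
              uri_path {}
            }
            # Lowercase before matching so /Login does not slip past the rule.
            text_transformation {
              priority = 1
              type     = "LOWERCASE"
            }
          }
        }
      }
    }

    # Per-rule metrics (assumed to be required by the released resource).
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-login-bursts"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "login-protection"
    sampled_requests_enabled   = true
  }
}
```

Sampled requests and the CloudWatch metric make it possible to review what the rule matched before switching from `count {}` to `block {}` in a new environment.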
@bflad any update on this new resource as to when they may be available? Thanks
:+1:
I can't deal with the ugly wafv1 dashboard anymore... it breaks my soul! Especially when there's the new, modern, pretty wafv2 dashboard available in the console :)
I waited a very long time and set up bounties just to get the ALB multi-line rules added to Terraform. Maybe opening another bounty for this would give someone motivation.
I'm interested to work on this issue @bflad
@anGie44
This feature has been merged and will release with v2.66.0 of the Terraform AWS Provider, expected in this week's release.
Will this week's release include support for AWS managed rule-sets perhaps?
hi @thagh05t 👋 the merge of this resource doesn't include it but #12688 (WebACL, currently in review) will provide support for Managed Rule Group Statements. Nevertheless, please feel free to create an issue for adding support for managed_rule_group statements within the wafv2 RuleGroup resource so we can keep track of this enhancement request (edit: pending upstream changes)!
AFAIK managed rules can only be added on a Web ACL, the docs are not 100% correct 😬
This has been released in version 2.66.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!