forked from fedemzcor/terraform-aws-waf-owasp-top-10-rules
-
Notifications
You must be signed in to change notification settings - Fork 0
/
outputs.tf
135 lines (126 loc) · 3.54 KB
/
outputs.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
output "rule_group_id" {
description = "AWS WAF Rule Group which contains all rules for OWASP Top 10 protection."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule_group.owasp_top_10.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(aws_waf_rule_group.owasp_top_10.*.id, ["NOT_CREATED"]),
"0",
)
}
output "rule01_sql_injection_rule_id" {
description = "AWS WAF Rule which mitigates SQL Injection Attacks."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_01_sql_injection_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(
aws_waf_rule.owasp_01_sql_injection_rule.*.id,
["NOT_CREATED"],
),
"0",
)
}
output "rule02_auth_token_rule_id" {
description = "AWS WAF Rule which blacklists bad/hijacked JWT tokens or session IDs."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_02_auth_token_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(aws_waf_rule.owasp_02_auth_token_rule.*.id, ["NOT_CREATED"]),
"0",
)
}
output "rule03_xss_rule_id" {
description = "AWS WAF Rule which mitigates Cross Site Scripting Attacks."
value = lower(var.target_scope) == "regional" ? element(
concat(aws_wafregional_rule.owasp_03_xss_rule.*.id, ["NOT_CREATED"]),
"0",
) : element(
concat(aws_waf_rule.owasp_03_xss_rule.*.id, ["NOT_CREATED"]),
"0",
)
}
output "rule04_paths_rule_id" {
description = "AWS WAF Rule which mitigates Path Traversal, LFI, RFI."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_04_paths_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(aws_waf_rule.owasp_04_paths_rule.*.id, ["NOT_CREATED"]),
"0",
)
}
output "rule06_php_insecure_rule_id" {
description = "AWS WAF Rule which mitigates PHP Specific Security Misconfigurations."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_06_php_insecure_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(
aws_waf_rule.owasp_06_php_insecure_rule.*.id,
["NOT_CREATED"],
),
"0",
)
}
output "rule07_size_restriction_rule_id" {
description = "AWS WAF Rule which mitigates abnormal requests via size restrictions."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_07_size_restriction_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(
aws_waf_rule.owasp_07_size_restriction_rule.*.id,
["NOT_CREATED"],
),
"0",
)
}
output "rule08_csrf_rule_id" {
description = "AWS WAF Rule which enforces the presence of CSRF token in request header."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_08_csrf_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(aws_waf_rule.owasp_08_csrf_rule.*.id, ["NOT_CREATED"]),
"0",
)
}
output "rule09_server_side_include_rule_id" {
description = "AWS WAF Rule which blocks request patterns for webroot objects that shouldn't be directly accessible."
value = lower(var.target_scope) == "regional" ? element(
concat(
aws_wafregional_rule.owasp_09_server_side_include_rule.*.id,
["NOT_CREATED"],
),
"0",
) : element(
concat(
aws_waf_rule.owasp_09_server_side_include_rule.*.id,
["NOT_CREATED"],
),
"0",
)
}