Merge branch 'main' into UML-3013-kick-off-one-login-process

ministryofjustice · Oct 30, 2023 · cb412ad · cb412ad
2 parents 4c42e69 + 9c953f1
commit cb412ad
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 16 deletions.
diff --git a/terraform/environment/refactor.tf b/terraform/environment/refactor.tf
@@ -861,3 +861,13 @@ moved {
   from = aws_lambda_permission.allow_cloudwatch
   to   = module.eu_west_1.aws_lambda_permission.allow_cloudwatch
 }
+
+moved {
+  from = aws_wafv2_web_acl_association.actor[0]
+  to   = module.eu_west_1.aws_wafv2_web_acl_association.actor[0]
+}
+
+moved {
+  from = aws_wafv2_web_acl_association.viewer[0]
+  to   = module.eu_west_1.aws_wafv2_web_acl_association.viewer[0]
+}
diff --git a/terraform/environment/region.tf b/terraform/environment/region.tf
@@ -4,6 +4,7 @@ module "eu_west_1" {
   account_name                              = local.environment.account_name
   admin_container_version                   = var.admin_container_version
   autoscaling                               = local.environment.autoscaling
+  associate_alb_with_waf_web_acl_enabled    = local.environment.associate_alb_with_waf_web_acl_enabled
   aws_service_discovery_service             = aws_service_discovery_private_dns_namespace.internal_ecs
   capacity_provider                         = local.capacity_provider
   container_version                         = var.container_version

diff --git a/terraform/environment/region/variables.tf b/terraform/environment/region/variables.tf
@@ -31,6 +31,11 @@ variable "admin_container_version" {
   type        = string
 }
 
+variable "associate_alb_with_waf_web_acl_enabled" {
+  description = "Whether or not to associate the ALBs with the WAF web ACL."
+  type        = bool
+}
+
 variable "autoscaling" {
   description = "The min and max number of instances to run for each ECS service."
   type = map(object({

diff --git a/terraform/environment/region/waf.tf b/terraform/environment/region/waf.tf
@@ -0,0 +1,16 @@
+data "aws_wafv2_web_acl" "main" {
+  name  = "${var.account_name}-web-acl"
+  scope = "REGIONAL"
+}
+
+resource "aws_wafv2_web_acl_association" "actor" {
+  count        = var.associate_alb_with_waf_web_acl_enabled ? 1 : 0
+  resource_arn = aws_lb.actor.arn
+  web_acl_arn  = data.aws_wafv2_web_acl.main.arn
+}
+
+resource "aws_wafv2_web_acl_association" "viewer" {
+  count        = var.associate_alb_with_waf_web_acl_enabled ? 1 : 0
+  resource_arn = aws_lb.viewer.arn
+  web_acl_arn  = data.aws_wafv2_web_acl.main.arn
+}
diff --git a/terraform/environment/waf.tf b/terraform/environment/waf.tf