From 9c953f13161ac450ac7ba41a638fab398f26acb2 Mon Sep 17 00:00:00 2001
From: Sam Ainsworth
Date: Mon, 30 Oct 2023 09:31:09 +0000
Subject: [PATCH] UML-3150 Move WAF to region (#2387)
---
terraform/environment/refactor.tf | 10 ++++++++++
terraform/environment/region.tf | 1 +
terraform/environment/region/variables.tf | 5 +++++
terraform/environment/region/waf.tf | 16 ++++++++++++++++
terraform/environment/waf.tf | 16 ----------------
5 files changed, 32 insertions(+), 16 deletions(-)
create mode 100644 terraform/environment/region/waf.tf
delete mode 100644 terraform/environment/waf.tf
diff --git a/terraform/environment/refactor.tf b/terraform/environment/refactor.tf
index 0617a4984e..2f6707133d 100644
--- a/terraform/environment/refactor.tf
+++ b/terraform/environment/refactor.tf
@@ -861,3 +861,13 @@ moved {
 from = aws_lambda_permission.allow_cloudwatch
 to = module.eu_west_1.aws_lambda_permission.allow_cloudwatch
 }
+
+moved {
+ from = aws_wafv2_web_acl_association.actor[0]
+ to = module.eu_west_1.aws_wafv2_web_acl_association.actor[0]
+}
+
+moved {
+ from = aws_wafv2_web_acl_association.viewer[0]
+ to = module.eu_west_1.aws_wafv2_web_acl_association.viewer[0]
+}
diff --git a/terraform/environment/region.tf b/terraform/environment/region.tf
index 5e69355b83..7c1117c41e 100644
--- a/terraform/environment/region.tf
+++ b/terraform/environment/region.tf
@@ -4,6 +4,7 @@ module "eu_west_1" {
 account_name = local.environment.account_name
 admin_container_version = var.admin_container_version
 autoscaling = local.environment.autoscaling
+ associate_alb_with_waf_web_acl_enabled = local.environment.associate_alb_with_waf_web_acl_enabled
 aws_service_discovery_service = aws_service_discovery_private_dns_namespace.internal_ecs
 capacity_provider = local.capacity_provider
 container_version = var.container_version
diff --git a/terraform/environment/region/variables.tf b/terraform/environment/region/variables.tf
index dd63874082..ab347088ca 100644
--- a/terraform/environment/region/variables.tf
+++ b/terraform/environment/region/variables.tf
@@ -31,6 +31,11 @@ variable "admin_container_version" {
 type = string
 }
 
+variable "associate_alb_with_waf_web_acl_enabled" {
+ description = "Whether or not to associate the ALBs with the WAF web ACL."
+ type = bool
+}
+
 variable "autoscaling" {
 description = "The min and max number of instances to run for each ECS service."
 type = map(object({
diff --git a/terraform/environment/region/waf.tf b/terraform/environment/region/waf.tf
new file mode 100644
index 0000000000..316fbe3ee0
--- /dev/null
+++ b/terraform/environment/region/waf.tf
@@ -0,0 +1,16 @@
+data "aws_wafv2_web_acl" "main" {
+ name = "${var.account_name}-web-acl"
+ scope = "REGIONAL"
+}
+
+resource "aws_wafv2_web_acl_association" "actor" {
+ count = var.associate_alb_with_waf_web_acl_enabled ? 1 : 0
+ resource_arn = aws_lb.actor.arn
+ web_acl_arn = data.aws_wafv2_web_acl.main.arn
+}
+
+resource "aws_wafv2_web_acl_association" "viewer" {
+ count = var.associate_alb_with_waf_web_acl_enabled ? 1 : 0
+ resource_arn = aws_lb.viewer.arn
+ web_acl_arn = data.aws_wafv2_web_acl.main.arn
+}
diff --git a/terraform/environment/waf.tf b/terraform/environment/waf.tf
deleted file mode 100644
index b89ffd7da0..0000000000
--- a/terraform/environment/waf.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-data "aws_wafv2_web_acl" "main" {
- name = "${local.environment.account_name}-web-acl"
- scope = "REGIONAL"
-}
-
-resource "aws_wafv2_web_acl_association" "actor" {
- count = local.environment.associate_alb_with_waf_web_acl_enabled ? 1 : 0
- resource_arn = module.eu_west_1.albs.actor.arn
- web_acl_arn = data.aws_wafv2_web_acl.main.arn
-}
-
-resource "aws_wafv2_web_acl_association" "viewer" {
- count = local.environment.associate_alb_with_waf_web_acl_enabled ? 1 : 0
- resource_arn = module.eu_west_1.albs.viewer.arn
- web_acl_arn = data.aws_wafv2_web_acl.main.arn
-}
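Review bot: The description of the new `associate_alb_with_waf_web_acl_enabled` variable says only that it toggles the association and not what setting it to false means, which is that both the actor and viewer ALBs in this module are deployed with no WAF web ACL in front of them. Because the variable has no default, every environment has to pick a value explicitly, so the description is where a reviewer of an environment's config will look for the consequence. Suggest `description = "Whether to associate the actor and viewer ALBs with the account's regional WAF web ACL. When false the ALBs are deployed with no WAF in front of them."`.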
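Review bot: `data "aws_wafv2_web_acl" "main"` in the new region/waf.tf is read unconditionally, so an environment that sets `associate_alb_with_waf_web_acl_enabled = false` still cannot plan unless a web ACL named `<account_name>-web-acl` exists in the region, even though nothing is attached to it; this is carried over from the deleted top-level file rather than introduced here. If that coupling is unintended, gate the lookup with the same flag: `count = var.associate_alb_with_waf_web_acl_enabled ? 1 : 0` on the data block and `web_acl_arn = data.aws_wafv2_web_acl.main[0].arn` in both associations. If it is intended as a fail-closed check that the account's ACL exists before the ALBs are created, a one-line comment on the data block saying so would stop the next reader from "fixing" it. `aws_lb.actor` and `aws_lb.viewer` are defined outside this hunk.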