
add empty blocked ipset - do not try to delete
ian-hoyle committed Jan 17, 2025
1 parent aa88e68 commit 1f99d70
Showing 2 changed files with 3 additions and 4 deletions.
5 changes: 2 additions & 3 deletions waf/main.tf
Expand Up @@ -7,7 +7,6 @@ resource "aws_wafv2_ip_set" "trusted" {
}

resource "aws_wafv2_ip_set" "blocked_ips" {
count = var.blocked_ips == "" ? 0 : 1
name = "${var.project}-${var.function}-${var.environment}-blockedIps"
scope = "REGIONAL"
ip_address_version = "IPV4"
Expand Down Expand Up @@ -102,7 +101,7 @@ resource "aws_wafv2_web_acl" "acl" {
}
statement {
ip_set_reference_statement {
arn = aws_wafv2_ip_set.blocked_ips[0].arn
arn = aws_wafv2_ip_set.blocked_ips.arn
}
}
visibility_config {
Expand Down Expand Up @@ -157,7 +156,7 @@ resource "aws_wafv2_web_acl" "acl" {
}
}

dynamic "rule" {
dynamic "rule" {
for_each = toset(var.aws_managed_rules)
content {
name = rule.value.name
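Review bot: Dropping `count` from `aws_wafv2_ip_set.blocked_ips` in the first hunk changes the resource address from `aws_wafv2_ip_set.blocked_ips[0]` to `aws_wafv2_ip_set.blocked_ips`, so on an environment where the set already exists Terraform will plan a destroy and re-create rather than a no-op; and because the web ACL rule in the second hunk references that set, the destroy of an in-use IP set is likely to be rejected by WAF (hedged — depends on apply ordering). A `moved { from = aws_wafv2_ip_set.blocked_ips[0]  to = aws_wafv2_ip_set.blocked_ips }` block alongside the resource keeps the existing set in state. The `addresses` argument of the set is outside the hunk, so it is worth confirming it yields an empty list when `var.blocked_ips` is `""`; the ACL block rule is now always attached and simply matches nothing in that case, which would be worth a one-line comment on the rule. The third hunk's two `dynamic "rule" {` lines appear to be a whitespace-only change.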
2 changes: 1 addition & 1 deletion waf/outputs.tf
Expand Up @@ -7,5 +7,5 @@ output "rule_group_arn" {
}

output "blocked_ip_set_arn" {
value = var.blocked_ips == "" ? "" : aws_wafv2_ip_set.blocked_ips[0].arn
value = var.blocked_ips == "" ? "" : aws_wafv2_ip_set.blocked_ips.arn
}
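Review bot: With the resource now created unconditionally, the `var.blocked_ips == "" ? "" : ...` guard on `blocked_ip_set_arn` no longer protects against a missing resource; it only decides whether consumers see `""` or the ARN of an empty set. If consumers rely on `""` meaning "no blocking configured", keep the ternary and document that contract with `# "" when no blocked IPs are configured; the (empty) set still exists`; otherwise simplify to `value = aws_wafv2_ip_set.blocked_ips.arn` so the output matches what the ACL actually references.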
