使用 Terraform 动态创建多个 WAF 规则
[英]Dynamically create multiple WAF rules with Terraform
问题描述
I've got a piece of Terraform code that creates a Web ACL with a set of rules in AWS.
我有一段 Terraform 代码,它在 AWS 中创建一个带有一组规则的 Web ACL。
provider "aws" {
region = "eu-west-2"
}
resource "aws_wafv2_web_acl" "foo" {
name = "foo"
description = "foo"
scope = "REGIONAL"
default_action {
block {}
}
rule {
name = "AWS-AWSManagedRulesLinuxRuleSet"
priority = 0
override_action {
count {}
}
statement {
managed_rule_group_statement {
name = "AWS-AWSManagedRulesLinuxRuleSet"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "foo_name"
sampled_requests_enabled = false
}
}
rule {
name = "AWS-AWSManagedRulesSQLiRuleSet"
priority = 1
override_action {
count {}
}
statement {
managed_rule_group_statement {
name = "AWS-AWSManagedRulesSQLiRuleSet"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = "foo_name"
sampled_requests_enabled = false
}
}
tags = {
Tag1 = "Value1"
}
visibility_config {
metric_name = "foo"
sampled_requests_enabled = false
cloudwatch_metrics_enabled = false
}
}
This works fine, but adding more rules means that my code starts to turn into somewhat of a monolith.这很好用,但添加更多规则意味着我的代码开始变得有点像单体。
Is there a way to create multiple rules in Terraform using dynamic_blocks or for_each or something else, in a way that looks cleaner and dry?有没有办法使用dynamic_blocks或for_each或其他东西在 Terraform 中创建多个规则,以一种看起来更干净和干燥的方式?
1 个解决方案
解决方案1
1 已采纳 2021-03-19 11:56:37
You use dynamic in combination with for_each like this:您将dynamic与for_each结合使用,如下所示:
Define a variable:定义一个变量:
variable "rules" {
type = list
default = [
{
name = "AWS-AWSManagedRulesLinuxRuleSet"
priority = 0
managed_rule_group_statement_name = "AWS-AWSManagedRulesLinuxRuleSet"
managed_rule_group_statement_vendor_name = "AWS"
metric_name = "foo_name"
},
{
name = "AWS-AWSManagedRulesSQLiRuleSet"
priority = 1
managed_rule_group_statement_name = "AWS-AWSManagedRulesSQLiRuleSet"
managed_rule_group_statement_vendor_name = "AWS"
metric_name = "foo_name"
}
]
}
Then use it in the resource:然后在资源中使用它:
dynamic "rule" {
for_each = toset(var.rules)
content {
name = rule.value.name
priority = rule.value.priority
override_action {
count {}
}
statement {
managed_rule_group_statement {
name = rule.value.managed_rule_group_statement_name
vendor_name = rule.value.managed_rule_group_statement_vendor_name
}
}
visibility_config {
cloudwatch_metrics_enabled = false
metric_name = rule.value.metric_name
sampled_requests_enabled = false
}
}
}
(Note: Obviously this replaces your previous rule blocks. See also the documentation about Dynamic Blocks for more information.) (注意:显然这会替换您之前的rule块。有关更多信息,另请参阅有关动态块的文档。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.