stackoom
  简体   繁体   中英

Dynamically create multiple WAF rules with Terraform

 原文  2021-03-18 20:13:09       amazon-web-services/ terraform/ terraform-provider-aws/ terraform0.12+/ amazon-waf

Question

I've got a piece of Terraform code that creates a Web ACL with a set of rules in AWS.

provider "aws" {
  region = "eu-west-2"
}

resource "aws_wafv2_web_acl" "foo" {
    name        = "foo"
    description = "foo"
    scope       = "REGIONAL"
    default_action {
        block {}
    }
    rule {
      name = "AWS-AWSManagedRulesLinuxRuleSet"
      priority = 0
      override_action {
        count {}
      }
      statement {
        managed_rule_group_statement {
          name = "AWS-AWSManagedRulesLinuxRuleSet"
          vendor_name = "AWS"
        }
      }
      visibility_config {
        cloudwatch_metrics_enabled = false 
        metric_name                 = "foo_name"
        sampled_requests_enabled   = false
      }
    }
    rule {
      name = "AWS-AWSManagedRulesSQLiRuleSet"
      priority = 1
      override_action {
        count {}
      }
      statement {
        managed_rule_group_statement {
          name = "AWS-AWSManagedRulesSQLiRuleSet"
          vendor_name = "AWS"
        }
      }
      visibility_config {
        cloudwatch_metrics_enabled = false
        metric_name                = "foo_name"
        sampled_requests_enabled   = false
      }
    }
    tags = {
      Tag1 = "Value1"
    }
    visibility_config {
      metric_name = "foo"
      sampled_requests_enabled = false
      cloudwatch_metrics_enabled = false
    }   
}

This works fine, but adding more rules means that my code starts to turn into somewhat of a monolith.

Is there a way to create multiple rules in Terraform using dynamic_blocks or for_each or something else, in a way that looks cleaner and dry?

1 answers

solution1
 1 ACCPTED  2021-03-19 11:56:37

You use dynamic in combination with for_each like this:

Define a variable:

variable "rules" {
  type    = list
  default = [
    {
      name = "AWS-AWSManagedRulesLinuxRuleSet"
      priority = 0
      managed_rule_group_statement_name = "AWS-AWSManagedRulesLinuxRuleSet"
      managed_rule_group_statement_vendor_name = "AWS"
      metric_name = "foo_name"
    },
    {
      name = "AWS-AWSManagedRulesSQLiRuleSet"
      priority = 1
      managed_rule_group_statement_name = "AWS-AWSManagedRulesSQLiRuleSet"
      managed_rule_group_statement_vendor_name = "AWS"
      metric_name = "foo_name"
    }
  ]
}

Then use it in the resource:

dynamic "rule" {
  for_each = toset(var.rules)

  content {
    name = rule.value.name
    priority = rule.value.priority
    override_action {
      count {}
    }
    statement {
      managed_rule_group_statement {
        name = rule.value.managed_rule_group_statement_name
        vendor_name = rule.value.managed_rule_group_statement_vendor_name
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = rule.value.metric_name
      sampled_requests_enabled   = false
    }
  }
}

(Note: Obviously this replaces your previous rule blocks. See also the documentation about Dynamic Blocks for more information.)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to Use Multiple Predicate ( Condition ) in one AWS WAF Rule with Terraform? Struggling to automate terraform WAF Terraform for_each variable to create multiple AWS listener rules and set a unique target_group_arn Terraform - Iterate and create Ingress Rules for a Security Group Create Terraform Cloudwatch Dashboards dynamically Make WAF Rules Exempt For an IP Create roles with multiple policies in Terraform terraform: is there a way to create iam policy statements dynamically? Terraform: Dynamically Create AWS EFS Mount Targets WAF for all ALBs in an account using terraform
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM