Feature/add ipset support (#50)
* Add support for ipset

* Try fixing mapping lookup

* Try fixing mapping lookup again

* Try fixing mapping lookup 3

* Try forcing dependency

* Test only with generated arn

* Try referencing resource in for_each

* Fix block naming

* Fix iterator name

* Try forcing ip_set creation

* Fix variable naming

* Fix bad description

* Revert unnecessary dynamic block

* Regenerate readme

* Fix readme

* Fix missing arn
Sytten authored Aug 17, 2023
1 parent bbc4a71 commit 330f9f1
Showing 7 changed files with 76 additions and 3 deletions.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -192,12 +192,14 @@ Available targets:

| Name | Source | Version |
|------|--------|---------|
| <a name="module_ip_set_label"></a> [ip\_set\_label](#module\_ip\_set\_label) | cloudposse/label/null | 0.25.0 |
| <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |

## Resources

| Name | Type |
|------|------|
| [aws_wafv2_ip_set.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_ip_set) | resource |
| [aws_wafv2_web_acl.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl) | resource |
| [aws_wafv2_web_acl_association.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl_association) | resource |
| [aws_wafv2_web_acl_logging_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl_logging_configuration) | resource |
Expand All @@ -221,7 +223,7 @@ Available targets:
| <a name="input_geo_allowlist_statement_rules"></a> [geo\_allowlist\_statement\_rules](#input\_geo\_allowlist\_statement\_rules) | A rule statement used to identify a list of allowed countries which should not be blocked by the WAF.<br><br>name:<br> A friendly name of the rule.<br>priority:<br> If you define more than one Rule in a WebACL,<br> AWS WAF evaluates each request against the rules in order based on the value of priority.<br> AWS WAF processes rules with lower priority first.<br><br>captcha\_config:<br> Specifies how AWS WAF should handle CAPTCHA evaluations.<br><br> immunity\_time\_property:<br> Defines custom immunity time.<br><br> immunity\_time:<br> The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.<br><br>rule\_label:<br> A List of labels to apply to web requests that match the rule match statement<br><br>statement:<br> country\_codes:<br> A list of two-character country codes.<br> forwarded\_ip\_config:<br> fallback\_behavior:<br> The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.<br> Possible values: `MATCH`, `NO_MATCH`<br> header\_name:<br> The name of the HTTP header to use for the IP address.<br><br>visibility\_config:<br> Defines and enables Amazon CloudWatch metrics and web request sample collection.<br><br> cloudwatch\_metrics\_enabled:<br> Whether the associated resource sends metrics to CloudWatch.<br> metric\_name:<br> A friendly name of the CloudWatch metric.<br> sampled\_requests\_enabled:<br> Whether AWS WAF should store a sampling of the web requests that match the rules. | `list(any)` | `null` | no |
| <a name="input_geo_match_statement_rules"></a> [geo\_match\_statement\_rules](#input\_geo\_match\_statement\_rules) | A rule statement used to identify web requests based on country of origin.<br><br>action:<br> The action that AWS WAF should take on a web request when it matches the rule's statement.<br>name:<br> A friendly name of the rule.<br>priority:<br> If you define more than one Rule in a WebACL,<br> AWS WAF evaluates each request against the rules in order based on the value of priority.<br> AWS WAF processes rules with lower priority first.<br><br>captcha\_config:<br> Specifies how AWS WAF should handle CAPTCHA evaluations.<br><br> immunity\_time\_property:<br> Defines custom immunity time.<br><br> immunity\_time:<br> The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.<br><br>rule\_label:<br> A List of labels to apply to web requests that match the rule match statement<br><br>statement:<br> country\_codes:<br> A list of two-character country codes.<br> forwarded\_ip\_config:<br> fallback\_behavior:<br> The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.<br> Possible values: `MATCH`, `NO_MATCH`<br> header\_name:<br> The name of the HTTP header to use for the IP address.<br><br>visibility\_config:<br> Defines and enables Amazon CloudWatch metrics and web request sample collection.<br><br> cloudwatch\_metrics\_enabled:<br> Whether the associated resource sends metrics to CloudWatch.<br> metric\_name:<br> A friendly name of the CloudWatch metric.<br> sampled\_requests\_enabled:<br> Whether AWS WAF should store a sampling of the web requests that match the rules. | `list(any)` | `null` | no |
| <a name="input_id_length_limit"></a> [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).<br>Set to `0` for unlimited length.<br>Set to `null` for keep the existing setting, which defaults to `0`.<br>Does not affect `id_full`. | `number` | `null` | no |
| <a name="input_ip_set_reference_statement_rules"></a> [ip\_set\_reference\_statement\_rules](#input\_ip\_set\_reference\_statement\_rules) | A rule statement used to detect web requests coming from particular IP addresses or address ranges.<br><br>action:<br> The action that AWS WAF should take on a web request when it matches the rule's statement.<br>name:<br> A friendly name of the rule.<br>priority:<br> If you define more than one Rule in a WebACL,<br> AWS WAF evaluates each request against the rules in order based on the value of priority.<br> AWS WAF processes rules with lower priority first.<br><br>captcha\_config:<br> Specifies how AWS WAF should handle CAPTCHA evaluations.<br><br> immunity\_time\_property:<br> Defines custom immunity time.<br><br> immunity\_time:<br> The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.<br><br>rule\_label:<br> A List of labels to apply to web requests that match the rule match statement<br><br>statement:<br> arn:<br> The ARN of the IP Set that this statement references.<br> ip\_set\_forwarded\_ip\_config:<br> fallback\_behavior:<br> The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.<br> Possible values: `MATCH`, `NO_MATCH`<br> header\_name:<br> The name of the HTTP header to use for the IP address.<br> position:<br> The position in the header to search for the IP address.<br> Possible values include: `FIRST`, `LAST`, or `ANY`.<br><br>visibility\_config:<br> Defines and enables Amazon CloudWatch metrics and web request sample collection.<br><br> cloudwatch\_metrics\_enabled:<br> Whether the associated resource sends metrics to CloudWatch.<br> metric\_name:<br> A friendly name of the CloudWatch metric.<br> sampled\_requests\_enabled:<br> Whether AWS WAF should store a sampling of the web requests that match the rules. | `list(any)` | `null` | no |
| <a name="input_ip_set_reference_statement_rules"></a> [ip\_set\_reference\_statement\_rules](#input\_ip\_set\_reference\_statement\_rules) | A rule statement used to detect web requests coming from particular IP addresses or address ranges.<br><br>action:<br> The action that AWS WAF should take on a web request when it matches the rule's statement.<br>name:<br> A friendly name of the rule.<br>priority:<br> If you define more than one Rule in a WebACL,<br> AWS WAF evaluates each request against the rules in order based on the value of priority.<br> AWS WAF processes rules with lower priority first.<br><br>captcha\_config:<br> Specifies how AWS WAF should handle CAPTCHA evaluations.<br><br> immunity\_time\_property:<br> Defines custom immunity time.<br><br> immunity\_time:<br> The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.<br><br>rule\_label:<br> A List of labels to apply to web requests that match the rule match statement<br><br>statement:<br> arn:<br> The ARN of the IP Set that this statement references.<br> ip\_set:<br> Defines a new IP Set<br><br> description:<br> A friendly description of the IP Set<br> addresses:<br> Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses.<br> All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation.<br> ip\_address\_version:<br> Specify `IPV4` or `IPV6`<br> ip\_set\_forwarded\_ip\_config:<br> fallback\_behavior:<br> The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.<br> Possible values: `MATCH`, `NO_MATCH`<br> header\_name:<br> The name of the HTTP header to use for the IP address.<br> position:<br> The position in the header to search for the IP address.<br> Possible values include: `FIRST`, `LAST`, or `ANY`.<br><br>visibility\_config:<br> Defines and enables Amazon CloudWatch metrics and web request sample 
collection.<br><br> cloudwatch\_metrics\_enabled:<br> Whether the associated resource sends metrics to CloudWatch.<br> metric\_name:<br> A friendly name of the CloudWatch metric.<br> sampled\_requests\_enabled:<br> Whether AWS WAF should store a sampling of the web requests that match the rules. | `list(any)` | `null` | no |
| <a name="input_label_key_case"></a> [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.<br>Does not affect keys of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper`.<br>Default value: `title`. | `string` | `null` | no |
| <a name="input_label_order"></a> [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.<br>Defaults to ["namespace", "environment", "stage", "name", "attributes"].<br>You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no |
| <a name="input_label_value_case"></a> [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,<br>set as tag values, and output by this module individually.<br>Does not affect values of tags passed in via the `tags` input.<br>Possible values: `lower`, `title`, `upper` and `none` (no transformation).<br>Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.<br>Default value: `lower`. | `string` | `null` | no |
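Review bot: the updated `ip_set_reference_statement_rules` description documents both `statement.arn` ("The ARN of the IP Set that this statement references") and the new `statement.ip_set` block ("Defines a new IP Set") without saying how the two relate; state that they are alternatives and which one takes effect when both are given, otherwise a reader cannot tell whether a supplied `arn` is ignored once `ip_set` is present. The same entry says `addresses` must be in CIDR notation and `ip_address_version` must be `IPV4` or `IPV6`, yet the variable type stays `list(any)`, so a bare address or a version/address mismatch is only rejected by the AWS API at apply time; either add a `validation` block on the variable or say in the description that no pre-apply check is performed.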
Expand Down Expand Up @@ -288,6 +290,7 @@ For additional context, refer to some of these links.
- [terraform-provider-aws](https://registry.terraform.io/providers/hashicorp/aws/latest) - Terraform AWS provider
- [aws_wafv2_web_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl.html) - Creates a WAFv2 Web ACL resource
- [aws_wafv2_web_acl_logging_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl_logging_configuration.html) - Creates a WAFv2 Web ACL Logging Configuration
- [aws_wafv2_ip_set](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_ip_set) - Creates a WAFv2 Web ACL resource


## Help
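Review bot: the description attached to the new `aws_wafv2_ip_set` link reads "Creates a WAFv2 Web ACL resource", copied from the `aws_wafv2_web_acl` entry two lines above; it should say that it creates a WAFv2 IP Set. The commit message notes the README is regenerated, so the correction belongs in the `references` entry of README.yaml rather than here, or the next regeneration will restore the wrong text.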
3 changes: 3 additions & 0 deletions README.yaml
Expand Up @@ -67,6 +67,9 @@ references:
- name: aws_wafv2_web_acl_logging_configuration
description: Creates a WAFv2 Web ACL Logging Configuration
url: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl_logging_configuration.html
- name: aws_wafv2_ip_set
description: Creates a WAFv2 Web ACL resource
url: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_ip_set

description: |-
Terraform module to create and manage AWS WAFv2 rules.
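Review bot: the `description` of the new `aws_wafv2_ip_set` reference is "Creates a WAFv2 Web ACL resource", which duplicates the `aws_wafv2_web_acl` entry; change it to something like `description: Creates a WAFv2 IP Set resource`. Since README.md is generated from this file, fixing it here also corrects the rendered README on the next regeneration.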