cloudposse · aknysh · Oct 4, 2023 · Oct 4, 2023 · Oct 4, 2023
@@ -215,6 +215,7 @@ Available targets:
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |
 | <a name="input_custom_response_body"></a> [custom\_response\_body](#input\_custom\_response\_body) | Defines custom response bodies that can be referenced by custom\_response actions.<br>The map keys are used as the `key` attribute which is a unique key identifying the custom response body.<br>content:<br>  Payload of the custom response.<br>  The response body can be plain text, HTML or JSON and cannot exceed 4KB in size.<br>content\_type:<br>  Content Type of Response Body.<br>  Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`. | <pre>map(object({<br>    content      = string<br>    content_type = string<br>  }))</pre> | `{}` | no |
 | <a name="input_default_action"></a> [default\_action](#input\_default\_action) | Specifies that AWS WAF should allow requests by default. Possible values: `allow`, `block`. | `string` | `"block"` | no |
+| <a name="input_default_block_response"></a> [default\_block\_response](#input\_default\_block\_response) | A HTTP response code that is sent when default block action is used. Only takes effect if default\_action is set to `block`. | `string` | `null` | no |
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_description"></a> [description](#input\_description) | A friendly description of the WebACL. | `string` | `"Managed by Terraform"` | no |
 | <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br>   format = string<br>   labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |

@@ -39,6 +39,7 @@
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | <pre>{<br>  "additional_tag_map": {},<br>  "attributes": [],<br>  "delimiter": null,<br>  "descriptor_formats": {},<br>  "enabled": true,<br>  "environment": null,<br>  "id_length_limit": null,<br>  "label_key_case": null,<br>  "label_order": [],<br>  "label_value_case": null,<br>  "labels_as_tags": [<br>    "unset"<br>  ],<br>  "name": null,<br>  "namespace": null,<br>  "regex_replace_chars": null,<br>  "stage": null,<br>  "tags": {},<br>  "tenant": null<br>}</pre> | no |
 | <a name="input_custom_response_body"></a> [custom\_response\_body](#input\_custom\_response\_body) | Defines custom response bodies that can be referenced by custom\_response actions.<br>The map keys are used as the `key` attribute which is a unique key identifying the custom response body.<br>content:<br>  Payload of the custom response.<br>  The response body can be plain text, HTML or JSON and cannot exceed 4KB in size.<br>content\_type:<br>  Content Type of Response Body.<br>  Valid values are `TEXT_PLAIN`, `TEXT_HTML`, or `APPLICATION_JSON`. | <pre>map(object({<br>    content      = string<br>    content_type = string<br>  }))</pre> | `{}` | no |
 | <a name="input_default_action"></a> [default\_action](#input\_default\_action) | Specifies that AWS WAF should allow requests by default. Possible values: `allow`, `block`. | `string` | `"block"` | no |
+| <a name="input_default_block_response"></a> [default\_block\_response](#input\_default\_block\_response) | A HTTP response code that is sent when default block action is used. Only takes effect if default\_action is set to `block`. | `string` | `null` | no |
 | <a name="input_delimiter"></a> [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.<br>Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
 | <a name="input_description"></a> [description](#input\_description) | A friendly description of the WebACL. | `string` | `"Managed by Terraform"` | no |
 | <a name="input_descriptor_formats"></a> [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.<br>Map of maps. Keys are names of descriptors. Values are maps of the form<br>`{<br>   format = string<br>   labels = list(string)<br>}`<br>(Type is `any` so the map values can later be enhanced to provide additional options.)<br>`format` is a Terraform format string to be passed to the `format()` function.<br>`labels` is a list of labels, in order, to pass to `format()` function.<br>Label values will be normalized before being passed to `format()` so they will be<br>identical to how they appear in `id`.<br>Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no |

@@ -107,7 +107,14 @@ resource "aws_wafv2_web_acl" "default" {
 
     dynamic "block" {
       for_each = var.default_action == "block" ? [true] : []
-      content {}
+      content {
+        dynamic "custom_response" {
+          for_each = var.default_block_response != null ? [true] : []
+          content {
+            response_code = var.default_block_response
+          }
+        }
+      }
     }
   }
 

@@ -1035,3 +1035,12 @@ variable "association_resource_arns" {
   DOC
   nullable    = false
 }
+
+variable "default_block_response" {
+  type        = string
+  default     = null
+  description = <<-DOC
+    A HTTP response code that is sent when default block action is used. Only takes effect if default_action is set to `block`.
+  DOC
+  nullable    = true
+}