Releases: cloudposse/terraform-aws-waf
v1.0.0
Refactor. Add missing features. Terraform `aws` provider v5 compatibility @aknysh (#45)
what
- Refactor
- Add missing features
- Terraform `aws` provider v5 compatibility
why
- Refactor code for the best practices. Update tests
- Add missing features supported by the following resources:
- Remove deprecated features not supported by Terraform `aws` provider v5:
related
v0.4.0
feat: adds geo_allowlist_statement_rules variable and supporting rule @Gowiem (#34)
what
- Adds the `geo_allowlist_statement_rules` variable and accompanying block
- Updates to latest and greatest README + workflows via `make github/init` + `make readme`
why
- This enables creating a rule that supports an allowlist of country codes instead of only supporting a blocklist via the existing `geo_match_statement_rules`. This is accomplished via the `not_statement` block that is used in the `geo_allowlist_statement_rules` rule block.
- Gets this module up to latest and greatest changes.
references
- N/A
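
The allowlist construction described in this release, written directly against the `aws_wafv2_web_acl` resource as an added example (not the module's own code or its variable schema): a `geo_match_statement` wrapped in `not_statement`, so the rule's block action applies to every request whose country is not listed. The ACL name, rule name, metric names and country codes are constructed.

```hcl
resource "aws_wafv2_web_acl" "geo_allowlist_example" {
  name  = "geo-allowlist-example" # constructed name
  scope = "REGIONAL"

  # Requests that no rule blocks are allowed through.
  default_action {
    allow {}
  }

  rule {
    name     = "block-outside-allowlist" # constructed name
    priority = 1

    # Applied when the statement below matches, i.e. the country is NOT listed.
    action {
      block {}
    }

    statement {
      # not_statement inverts the nested match: a geo_match_statement on its
      # own matches the listed countries (blocklist behaviour with a block
      # action); wrapped here it matches everything except them.
      not_statement {
        statement {
          geo_match_statement {
            country_codes = ["US", "CA"] # constructed allowlist
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-outside-allowlist"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "geo-allowlist-example"
    sampled_requests_enabled   = true
  }
}
```

The country is derived from the request's source IP, so behind a proxy or load balancer that is not the associated resource the match needs `forwarded_ip_config` on the `geo_match_statement` to evaluate the forwarded client address instead.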
Sync github @max-lobur (#35)
Rebuild github dir from the template
v0.3.0
- No changes
v0.2.0
Adding CAPTCHA action support to all actions @vitali-federau-fivestars (#31)
what
- Adding CAPTCHA action support
- Bumping terraform and aws provider versions (as they are 2 years old)
why
- In our mostly geo location rule we need captcha for people to be able to access the website
- We had to use CAPTCHA in WAF rule but it was not supported
references
- Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow)
- It was introduced in 4.21.0 AWS provider: hashicorp/terraform-provider-aws#21754
- Closes #28 issue
v0.1.0
Stop replacing single_header & single_query_argument with an int @paulerickson (#19)
what
- Some parts of statements get replaced by the number `1`, resulting in an error when trying to access its `name` attribute
why
`single_header` and `single_query_argument` are unusable without a `name` attribute
references
- closes #2
git.io->cloudposse.tools update @dylanbannon (#16)
what and why
Change all references to `git.io/build-harness` into `cloudposse.tools/build-harness`, since `git.io` redirects will stop working on April 29th, 2022.
References
- DEV-143
v0.0.4
🚀 Enhancements
fix(regex-rule): bugfix for attribute lookup @dannyibishev (#13)
what
- Added the right attribute lookup logic for the `single_header` and the `single_query_argument` blocks of code regarding the `regex_pattern_set_reference_statement_rules` dynamic block. This was done to rectify a misconfiguration and also follows the existing configuration design.
why
- Attribute lookup failed for single_header. The following screenshot was the error I was receiving
```
│  420:           name = single_header.value.name
│     ├────────────────
│     │ single_header.value is 1
│
│ Can't access attributes on a primitive-typed value (number).
```
FYI: Ignore the line number in the snippet. It's from an edited fork of your repo. But this bug does exist here as well.
references
v0.0.3
🤖 Automatic Updates
Update context.tf @cloudpossebot (#8)
what
This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
why
To support all the features of the `context` interface.
v0.0.2
Change redacted_fields variable type to map(any) @ian-bartholomew (#4)
what
- Changes `redacted_fields` type to `map(any)`
- Changes `redacted_fields` default to `{}`
why
- Specifying `log_destination_configs` produces an error:

  ```
  │ Error: Invalid dynamic for_each value
  │
  │   on .terraform/modules/waf/main.tf line 15, in resource "aws_wafv2_web_acl_logging_configuration" "default":
  │   15:       for_each = var.redacted_fields
  │     ├────────────────
  │     │ var.redacted_fields is null
  │
  │ Cannot use a null value in for_each.
  ```
- Adding an empty `redacted_fields` map produces the following validation error:

  ```
  ╷
  │ Error: Invalid value for module argument
  │
  │   on main.tf line 10, in module "waf":
  │   10:   redacted_fields = {}
  │
  │ The given value is not suitable for child module variable "redacted_fields"
  │ defined at .terraform/modules/waf/variables.tf:435,1-27: attributes
  │ "method_enabled", "query_string_enabled", "single_header", and
  │ "uri_path_enabled" are required.
  ```
  because the variable type constraint is expecting a variable shaped like:

  ```hcl
  redacted_fields = {
    method_enabled       = true
    uri_path_enabled     = false
    query_string_enabled = false
    single_header        = []
  }
  ```

  While the code is expecting a map shaped like:

  ```hcl
  redacted_fields = {
    foo = {
      method_enabled       = true
      uri_path_enabled     = false
      query_string_enabled = false
      single_header        = []
    }
  }
  ```
- Adding a variable of the expected shape also produces errors like:

  ```
  ╷
  │ Error: Unsupported attribute
  │
  │   on .terraform/modules/waf/main.tf line 19, in resource "aws_wafv2_web_acl_logging_configuration" "default":
  │   19:         for_each = redacted_fields.value.method_enabled ? [1] : []
  │     ├────────────────
  │     │ redacted_fields.value is false
  │
  │ This value does not have any attributes.
  ```
- Changing to `map(any)` allows us to pass in an empty map when no redacted fields are needed, as well as pass in a map in the shape that the code is expecting
Beta release
This initial implementation should be considered beta/pre-release. We think it is good, but the WAF rules are complicated and the Terraform provider is a very awkward fit for them, so it is likely there are problems lurking. Try it out and let us know.