Amazon web services: Is the Terraform WAF Web ACL resource useless?


Terraform provides a WAF Web ACL resource. Can it be attached to anything using Terraform (such as an ALB)? Or is it useless?

With the release of , it is now possible to create regional WAF resources directly for use with load balancers.

It is now possible to create any of , or , link them to as predicates, and then in turn add the WAF rules to . Finally, you can use to attach the regional WAF to a load balancer.

The regional WAF Web ACL association resource documentation gives a useful example of how they link together:

resource "aws_wafregional_ipset" "ipset" {
  name = "tfIPSet"

  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.7.0/24"
  }
}

resource "aws_wafregional_rule" "foo" {
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"

  predicate {
    data_id = "${aws_wafregional_ipset.ipset.id}"
    negated = false
    type    = "IPMatch"
  }
}

resource "aws_wafregional_web_acl" "foo" {
  name = "foo"
  metric_name = "foo"
  default_action {
    type = "ALLOW"
  }
  rule {
    action {
      type = "BLOCK"
    }
    priority = 1
    rule_id = "${aws_wafregional_rule.foo.id}"
  }
}

resource "aws_vpc" "foo" {
  cidr_block = "10.1.0.0/16"
}

data "aws_availability_zones" "available" {}

resource "aws_subnet" "foo" {
  vpc_id = "${aws_vpc.foo.id}"
  cidr_block = "10.1.1.0/24"
  availability_zone = "${data.aws_availability_zones.available.names[0]}"
}

resource "aws_subnet" "bar" {
  vpc_id = "${aws_vpc.foo.id}"
  cidr_block = "10.1.2.0/24"
  availability_zone = "${data.aws_availability_zones.available.names[1]}"
}

resource "aws_alb" "foo" {
  internal = true
  subnets = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
}

resource "aws_wafregional_web_acl_association" "foo" {
  resource_arn = "${aws_alb.foo.arn}"
  web_acl_id = "${aws_wafregional_web_acl.foo.id}"
}
Original answer: The regional WAF resources have been caught up in a mix of people reviewing and abandoning pull requests, but they are planned for next month.

Currently only the and resources are available, so without the rule, ACL and association resources to actually do something with them, they aren't much use.

Until then, you can use CloudFormation through Terraform's own escape hatch, like this:

resource "aws_lb" "load_balancer" {
  ...
}

resource "aws_cloudformation_stack" "waf" {
  name = "waf-example"

  parameters = {
    ALBArn = "${aws_lb.load_balancer.arn}"
  }

  template_body = <<STACK
Parameters:
  ALBArn:
    Type: String

Resources:
  WAF:
    Type: AWS::WAFRegional::WebACL
    Properties:
      Name: WAF-Example
      DefaultAction:
        Type: BLOCK
      MetricName: WafExample
      Rules:
        - Action:
            Type: ALLOW
          Priority: 2
          RuleId:
            Ref: WhitelistRule

  WhitelistRule:
    Type: AWS::WAFRegional::Rule
    Properties:
      Name: WAF-Example-Whitelist
      MetricName: WafExampleWhiteList
      Predicates:
        - DataId:
            Ref: ExternalAPIURI
          Negated: false
          Type: ByteMatch

  ExternalAPIURI:
    Type: AWS::WAFRegional::ByteMatchSet
    Properties:
      Name: WAF-Example-StringMatch
      ByteMatchTuples:
        - FieldToMatch:
            Type: URI
          PositionalConstraint: STARTS_WITH
          TargetString: /public/
          TextTransformation: NONE

  WAFALBattachment:
    Type: AWS::WAFRegional::WebACLAssociation
    Properties:
      ResourceArn:
        Ref: ALBArn
      WebACLId:
        Ref: WAF
STACK
}
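Added example, not code from the question or either answer: a small Python check that walks a CloudFormation template like the one above and verifies the chain the answer describes (match set to rule predicate, rule to web ACL entry, web ACL to WebACLAssociation), flagging a web ACL that no association points at, since such an ACL is never evaluated against any request. The template dict is the answer's YAML transcribed into JSON form; the function and variable names are my own.

```python
# Added example, not part of the question or answers: static check of the
# WAFRegional wiring in a CloudFormation template. Names here are assumed.

def ref(node):
    """Logical name behind a {"Ref": name} node, or None for anything else."""
    return node.get("Ref") if isinstance(node, dict) else None

def check_waf_wiring(template):
    """Return a list of findings; an empty list means the chain is complete."""
    res = template.get("Resources", {})
    props = lambda name: res[name].get("Properties", {})
    of_type = lambda t: {n for n, r in res.items() if r.get("Type") == t}
    acls = of_type("AWS::WAFRegional::WebACL")
    rules = of_type("AWS::WAFRegional::Rule")
    sets = of_type("AWS::WAFRegional::ByteMatchSet") | of_type("AWS::WAFRegional::IPSet")
    findings = []
    # each rule predicate must reference a match set defined in this template
    for name in rules:
        for p in props(name).get("Predicates", []):
            if ref(p.get("DataId")) not in sets:
                findings.append(f"rule {name}: predicate DataId is not a match set in this template")
    # each web ACL rule entry must reference a WAFRegional rule
    for name in acls:
        for r in props(name).get("Rules", []):
            if ref(r.get("RuleId")) not in rules:
                findings.append(f"web ACL {name}: RuleId is not a WAFRegional rule in this template")
    # a web ACL that nothing is associated with inspects no traffic at all
    associated = {ref(props(n).get("WebACLId")) for n in of_type("AWS::WAFRegional::WebACLAssociation")}
    for name in sorted(acls - associated):
        findings.append(f"web ACL {name}: no WebACLAssociation points at it, so it protects nothing")
    return findings

# Constructed input: the answer's YAML template transcribed into dict (JSON) form.
TEMPLATE = {
    "Parameters": {"ALBArn": {"Type": "String"}},
    "Resources": {
        "WAF": {"Type": "AWS::WAFRegional::WebACL", "Properties": {
            "Name": "WAF-Example", "DefaultAction": {"Type": "BLOCK"}, "MetricName": "WafExample",
            "Rules": [{"Action": {"Type": "ALLOW"}, "Priority": 2, "RuleId": {"Ref": "WhitelistRule"}}]}},
        "WhitelistRule": {"Type": "AWS::WAFRegional::Rule", "Properties": {
            "Name": "WAF-Example-Whitelist", "MetricName": "WafExampleWhiteList",
            "Predicates": [{"DataId": {"Ref": "ExternalAPIURI"}, "Negated": False, "Type": "ByteMatch"}]}},
        "ExternalAPIURI": {"Type": "AWS::WAFRegional::ByteMatchSet", "Properties": {
            "Name": "WAF-Example-StringMatch",
            "ByteMatchTuples": [{"FieldToMatch": {"Type": "URI"}, "PositionalConstraint": "STARTS_WITH",
                                 "TargetString": "/public/", "TextTransformation": "NONE"}]}},
        "WAFALBattachment": {"Type": "AWS::WAFRegional::WebACLAssociation", "Properties": {
            "ResourceArn": {"Ref": "ALBArn"}, "WebACLId": {"Ref": "WAF"}}},
    },
}
```

Running `check_waf_wiring(TEMPLATE)` on the answer's template returns an empty list; dropping the `WAFALBattachment` resource produces a finding for the orphaned web ACL.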