Amazon Web Services: Are the Terraform WAF Web ACL resources useless?

Terraform provides a WAF Web ACL resource. Can it be attached to anything (such as an ALB) using Terraform, or is it useless?

With the newer provider release, it is now possible to create regional WAF resources directly for use with load balancers. You can now create any of the regional condition sets (an IP set, for example), link them to a regional WAF rule as predicates, and then in turn add those WAF rules to a regional Web ACL. Finally, you can attach the regional WAF to the load balancer with the regional Web ACL association resource. The regional WAF Web ACL association resource documentation gives a useful picture of how they link together:
# Condition set: the IP ranges the rule will match against
resource "aws_wafregional_ipset" "ipset" {
  name = "tfIPSet"

  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.7.0/24"
  }
}

# Rule: uses the IP set as a predicate
resource "aws_wafregional_rule" "foo" {
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"

  predicate {
    data_id = "${aws_wafregional_ipset.ipset.id}"
    negated = false
    type    = "IPMatch"
  }
}

# Web ACL: allows by default, blocks whatever the rule matches
resource "aws_wafregional_web_acl" "foo" {
  name        = "foo"
  metric_name = "foo"

  default_action {
    type = "ALLOW"
  }

  rule {
    action {
      type = "BLOCK"
    }

    priority = 1
    rule_id  = "${aws_wafregional_rule.foo.id}"
  }
}

resource "aws_vpc" "foo" {
  cidr_block = "10.1.0.0/16"
}

data "aws_availability_zones" "available" {}

resource "aws_subnet" "foo" {
  vpc_id            = "${aws_vpc.foo.id}"
  cidr_block        = "10.1.1.0/24"
  availability_zone = "${data.aws_availability_zones.available.names[0]}"
}

resource "aws_subnet" "bar" {
  vpc_id            = "${aws_vpc.foo.id}"
  cidr_block        = "10.1.2.0/24"
  availability_zone = "${data.aws_availability_zones.available.names[1]}"
}

resource "aws_alb" "foo" {
  internal = true
  subnets  = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}"]
}

# Association: without this the Web ACL inspects no traffic at all
resource "aws_wafregional_web_acl_association" "foo" {
  resource_arn = "${aws_alb.foo.arn}"
  web_acl_id   = "${aws_wafregional_web_acl.foo.id}"
}
Original post:

The regional WAF resources have been caught up in a mix of people reviewing and abandoning pull requests, but they are planned for next month.

Currently only a couple of the resources are available, so without the rule, ACL and association resources to actually do anything with them, they are not much use.

Until then, you can use CloudFormation through Terraform's own escape hatch, like this:
resource "aws_lb" "load_balancer" {
  ...
}

# Escape hatch: drive the WAF Regional resources through a CloudFormation
# stack and hand the load balancer ARN in as a stack parameter
resource "aws_cloudformation_stack" "waf" {
  name = "waf-example"

  parameters = {
    ALBArn = "${aws_lb.load_balancer.arn}"
  }

  template_body = <<STACK
Parameters:
  ALBArn:
    Type: String
Resources:
  WAF:
    Type: AWS::WAFRegional::WebACL
    Properties:
      Name: WAF-Example
      DefaultAction:
        Type: BLOCK
      MetricName: WafExample
      Rules:
        - Action:
            Type: ALLOW
          Priority: 2
          RuleId:
            Ref: WhitelistRule
  WhitelistRule:
    Type: AWS::WAFRegional::Rule
    Properties:
      Name: WAF-Example-Whitelist
      MetricName: WafExampleWhiteList
      Predicates:
        - DataId:
            Ref: ExternalAPIURI
          Negated: false
          Type: ByteMatch
  ExternalAPIURI:
    Type: AWS::WAFRegional::ByteMatchSet
    Properties:
      Name: WAF-Example-StringMatch
      ByteMatchTuples:
        - FieldToMatch:
            Type: URI
          PositionalConstraint: STARTS_WITH
          TargetString: /public/
          TextTransformation: NONE
  WAFALBattachment:
    Type: AWS::WAFRegional::WebACLAssociation
    Properties:
      ResourceArn:
        Ref: ALBArn
      WebACLId:
        Ref: WAF
STACK
}
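Both the Terraform chain above (condition set, rule, Web ACL, association) and the CloudFormation template follow the same linkage, and the question's underlying point is that a Web ACL nothing is associated with protects nothing. The following is an added example, not code from the answer or from the Terraform or AWS projects: a small linkage checker that takes a WAF Regional template as a plain Python dict (WAF_TEMPLATE is a constructed copy of the YAML template_body above, written as a dict so no YAML library is needed) and verifies that every Ref resolves, that Web ACL rules point at Rule resources, that each predicate points at the condition-set type its Type requires, and that at least one WebACLAssociation points at every Web ACL. The PREDICATE_TARGETS mapping is the standard predicate-type to resource-type pairing for WAF Regional; check_waf_template and its helpers are names chosen here.

```python
# Linkage check for a WAF Regional CloudFormation template (added example):
# every Ref must resolve, rule/predicate references must point at the right
# resource types, and a WebACL only inspects traffic once a
# WebACLAssociation points at it.

# Predicate Type -> CloudFormation condition-set type it must reference
PREDICATE_TARGETS = {
    "IPMatch": "AWS::WAFRegional::IPSet",
    "ByteMatch": "AWS::WAFRegional::ByteMatchSet",
    "SizeConstraint": "AWS::WAFRegional::SizeConstraintSet",
    "SqlInjectionMatch": "AWS::WAFRegional::SqlInjectionMatchSet",
    "XssMatch": "AWS::WAFRegional::XssMatchSet",
}

# Constructed input: the answer's YAML template_body expressed as a dict.
WAF_TEMPLATE = {
    "Parameters": {"ALBArn": {"Type": "String"}},
    "Resources": {
        "WAF": {
            "Type": "AWS::WAFRegional::WebACL",
            "Properties": {
                "Name": "WAF-Example",
                "DefaultAction": {"Type": "BLOCK"},
                "MetricName": "WafExample",
                "Rules": [
                    {"Action": {"Type": "ALLOW"}, "Priority": 2,
                     "RuleId": {"Ref": "WhitelistRule"}},
                ],
            },
        },
        "WhitelistRule": {
            "Type": "AWS::WAFRegional::Rule",
            "Properties": {
                "Name": "WAF-Example-Whitelist",
                "MetricName": "WafExampleWhiteList",
                "Predicates": [
                    {"DataId": {"Ref": "ExternalAPIURI"}, "Negated": False,
                     "Type": "ByteMatch"},
                ],
            },
        },
        "ExternalAPIURI": {
            "Type": "AWS::WAFRegional::ByteMatchSet",
            "Properties": {
                "Name": "WAF-Example-StringMatch",
                "ByteMatchTuples": [
                    {"FieldToMatch": {"Type": "URI"},
                     "PositionalConstraint": "STARTS_WITH",
                     "TargetString": "/public/",
                     "TextTransformation": "NONE"},
                ],
            },
        },
        "WAFALBattachment": {
            "Type": "AWS::WAFRegional::WebACLAssociation",
            "Properties": {"ResourceArn": {"Ref": "ALBArn"},
                           "WebACLId": {"Ref": "WAF"}},
        },
    },
}


def _refs(node):
    """Yield every {"Ref": name} target found anywhere in a nested structure."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            yield node["Ref"]
        else:
            for value in node.values():
                yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)


def _ref_target(node):
    """Return the logical id a {"Ref": ...} node points at, else None."""
    return node.get("Ref") if isinstance(node, dict) else None


def check_waf_template(template):
    """Return a list of problems; an empty list means the chain is complete."""
    params = template.get("Parameters", {})
    resources = template.get("Resources", {})
    problems = []

    def type_of(logical_id):
        return resources.get(logical_id, {}).get("Type")

    # 1. Every Ref must name a parameter or a resource in this template.
    for logical_id, res in resources.items():
        for target in _refs(res.get("Properties", {})):
            if target not in params and target not in resources:
                problems.append(f"{logical_id}: unresolved Ref {target!r}")

    associated_acls = set()
    for logical_id, res in resources.items():
        props = res.get("Properties", {})
        rtype = res.get("Type")
        if rtype == "AWS::WAFRegional::WebACL":
            # 2. Web ACL rules must reference AWS::WAFRegional::Rule resources.
            for rule in props.get("Rules", []):
                target = _ref_target(rule.get("RuleId"))
                if type_of(target) != "AWS::WAFRegional::Rule":
                    problems.append(f"{logical_id}: RuleId {target!r} is not a WAFRegional Rule")
        elif rtype == "AWS::WAFRegional::Rule":
            # 3. Each predicate must reference the condition-set type its Type requires.
            for pred in props.get("Predicates", []):
                expected = PREDICATE_TARGETS.get(pred.get("Type"))
                target = _ref_target(pred.get("DataId"))
                if expected is None or type_of(target) != expected:
                    problems.append(f"{logical_id}: predicate {pred.get('Type')!r} must reference a {expected}")
        elif rtype == "AWS::WAFRegional::WebACLAssociation":
            # 4. Record which Web ACLs are actually attached to a resource.
            target = _ref_target(props.get("WebACLId"))
            if type_of(target) == "AWS::WAFRegional::WebACL":
                associated_acls.add(target)
            else:
                problems.append(f"{logical_id}: WebACLId {target!r} is not a WAFRegional WebACL")

    # A Web ACL with no association is exactly the "useless" case from the question.
    for logical_id, res in resources.items():
        if res.get("Type") == "AWS::WAFRegional::WebACL" and logical_id not in associated_acls:
            problems.append(f"{logical_id}: WebACL has no WebACLAssociation, so it protects nothing")
    return problems


if __name__ == "__main__":
    for line in check_waf_template(WAF_TEMPLATE) or ["template OK: ACL, rule, condition set and association are all linked"]:
        print(line)
```

Run it against the template as given and it reports no problems; delete the WAFALBattachment resource and the only finding is the unattached Web ACL, which is the check worth wiring into a pre-apply review of any WAF stack.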