# Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). Closes #10716
# Regional WAFv2 rule group holding the two blocking rules used by the web ACL
# below: a country block (rule 1) and an IP-set block (rule 2). Both rules use
# the `block` action, so a request matching either is rejected wherever this
# group is referenced with override_action "none".
resource "aws_wafv2_rule_group" "main" {
  name  = var.name
  scope = "REGIONAL"
  # Sized for exactly the two rules declared here. NOTE(review): capacity
  # must be raised when rules are added; presumably it cannot be changed in
  # place and forces replacement of the group — confirm against the provider
  # docs before extending this group.
  capacity = 2

  # Rule 1: block requests whose source country is listed in
  # var.blocked_countries.
  rule {
    name     = "countries"
    priority = 1

    action {
      block {}
    }

    statement {
      geo_match_statement {
        # NOTE(review): an empty list is presumably rejected at apply time
        # (geo_match requires at least one country code) — confirm.
        country_codes = var.blocked_countries
      }
    }

    # NOTE(review): CloudWatch metrics and sampled requests are both disabled,
    # so requests blocked by this rule leave no trace for alerting or for
    # investigating false positives; consider enabling both. metric_name is
    # the same var.name used by every rule and by the group itself, so per-rule
    # counts would presumably not be distinguishable even when enabled.
    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = var.name
      sampled_requests_enabled   = false
    }
  }

  # Rule 2: block requests whose source address is in the IPv4 set declared
  # in aws_wafv2_ip_set.main (var.blocked_addresses).
  rule {
    name     = "specific"
    priority = 2

    action {
      block {}
    }

    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.main.arn
      }
    }

    # NOTE(review): same observation as rule 1 — no metrics, no samples, and a
    # metric_name shared with the other rule and the group.
    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = var.name
      sampled_requests_enabled   = false
    }
  }

  # Group-level visibility; also disabled, see the per-rule notes above.
  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = var.name
    sampled_requests_enabled   = false
  }
}
# Regional IPv4 address set referenced by the "specific" rule of
# aws_wafv2_rule_group.main. Its contents come from var.blocked_addresses.
# NOTE(review): IPV4 only — if the load balancer this ACL is attached to is
# reachable over IPv6, clients on IPv6 addresses are not covered by this set
# and a second set with ip_address_version = "IPV6" (plus a matching rule)
# would be needed. Confirm whether the LB is dualstack.
resource "aws_wafv2_ip_set" "main" {
  name               = var.name
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = var.blocked_addresses
}
# Regional web ACL that allows everything by default and delegates blocking
# to aws_wafv2_rule_group.main. This is a pure blocklist: only traffic matching
# the group's geo or IP rules is rejected; nothing else is inspected here.
resource "aws_wafv2_web_acl" "main" {
  name  = var.name
  scope = "REGIONAL"

  # Requests that match no rule are allowed through to the load balancer.
  default_action {
    allow {}
  }

  # Single rule: evaluate the rule group. override_action "none" keeps the
  # group's own block actions in effect (a "count" override would turn them
  # into count-only, which is not what is wanted here).
  rule {
    name     = "rule-1"
    priority = 1

    override_action {
      none {}
    }

    statement {
      rule_group_reference_statement {
        arn = aws_wafv2_rule_group.main.arn
      }
    }

    # NOTE(review): metrics and sampled requests are disabled at this level
    # too, so the ACL as a whole emits no CloudWatch signal about blocked
    # traffic; consider enabling them for detection and troubleshooting.
    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = var.name
      sampled_requests_enabled   = false
    }
  }

  # ACL-level visibility; disabled, see the note on the rule above.
  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = var.name
    sampled_requests_enabled   = false
  }
}
# Attaches the web ACL above to the load balancer identified by var.lb_arn.
# Without this association the ACL and rule group exist but filter nothing.
# NOTE(review): var.lb_arn is assumed to be a regional resource (e.g. an ALB)
# matching the "REGIONAL" scope used throughout — confirm at the call site.
resource "aws_wafv2_web_acl_association" "main" {
  resource_arn = var.lb_arn
  web_acl_arn  = aws_wafv2_web_acl.main.arn
}