update application gateway to include WAF protection

CDCgov · Dec 12, 2024 · 89f0269 · 89f0269
1 parent 040a1c6
commit 89f0269
Showing 1 changed file with 18 additions and 8 deletions.
diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf
@@ -39,8 +39,23 @@ resource "azurerm_application_gateway" "load_balancer" {
   location            = var.resource_group_location
 
   sku {
-    name     = "Standard_v2"
-    tier     = "Standard_v2"
+    name = "WAF_v2"
+    tier = "WAF_v2" # WAF tier depreciated, set to WAF_v2 tier
+    # capacity = 2
+  }
+
+  autoscale_configuration {
+    min_capacity = 2
+    max_capacity = 5
+  }
+
+
+  # Enable Web Application Firewall
+  waf_configuration {
+    enabled          = true
+    firewall_mode    = "Prevention" # to block malicious traffic
+    rule_set_type    = "OWASP"
+    rule_set_version = "3.2"
   }
 
   gateway_ip_configuration {
@@ -272,9 +287,4 @@ resource "azurerm_application_gateway" "load_balancer" {
       }
     }
   }
-
-  autoscale_configuration {
-    min_capacity = 0
-    max_capacity = 5
-  }
-}
+}