Update WAF references from ingress module

thoughtbot · Mar 6, 2024 · 992f423 · 992f423
1 parent 1cdf883
commit 992f423
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/aws/ingress/main.tf b/aws/ingress/main.tf
@@ -66,7 +66,7 @@ module "waf" {
   name                    = "${var.name}-waf"
   resource_arn            = module.alb.instance.arn
   aws_managed_rule_groups = var.waf_aws_managed_rule_groups
-  rate_limit              = var.waf_rate_limit
+  rate_limit_rules        = var.waf_rate_limit
 
   allowed_ip_list = var.waf_allowed_ip_list
   block_ip_list   = var.waf_block_ip_list

diff --git a/aws/ingress/variables.tf b/aws/ingress/variables.tf
@@ -158,13 +158,16 @@ variable "waf_aws_managed_rule_groups" {
 
 variable "waf_rate_limit" {
   description = "Applicable if WAF is enabled. Rule statement to track and rate limits requests when they are coming at too fast a rate.. For more details, visit - https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html"
-  type = object({
-    Priority       = number                 # Relative processing order for rate limit rule relative to other rules processed by AWS WAF.
-    Limit          = optional(number, 1000) # This is the limit on requests from any single IP address within a 5 minute period
-    count_override = optional(bool, false)  # If true, this will override the rule action setting to `count`, if false, the rule action will be set to `block`. Default value is false.
-  })
+  type = map(object({
+    name           = string                     # Name of the Rate limit rule group
+    priority       = number                     # Relative processing order for rate limit rule relative to other rules processed by AWS WAF.
+    limit          = optional(number, 2000)     # This is the limit on requests from any single IP address within a 5 minute period
+    count_override = optional(bool, false)      # If true, this will override the rule action setting to `count`, if false, the rule action will be set to `block`. Default value is false.
+    country_list   = optional(list(string), []) # List of countries to apply the rate limit to. If populated, from other countries will be ignored by this rule. IF empty, the rule will apply to all traffic.
+  }))
   default = {
-    Priority = 10
-    Limit    = 1000
+    name     = "General"
+    priority = 10
+    limit    = 2000
   }
 }