Remove geo location scope down statement for header match block since…

… it's not supported
thoughtbot · Apr 3, 2024 · c1208b2 · c1208b2
1 parent 2c83c26
commit c1208b2
Showing 1 changed file with 2 additions and 23 deletions.
diff --git a/aws/waf/main.tf b/aws/waf/main.tf
@@ -14,7 +14,8 @@ resource "aws_wafv2_web_acl" "main" {
   }
 
   dynamic "rule" {
-    for_each = var.header_match_rules
+    # for_each = var.header_match_rules == null ? {} : var.header_match_rules
+    for_each = var.header_match_rules == null ? {} : var.header_match_rules
     content {
       name     = "${rule.value["name"]}-header-match-rule"
       priority = rule.value["priority"]
@@ -47,28 +48,6 @@ resource "aws_wafv2_web_acl" "main" {
             priority = 1
             type     = "LOWERCASE"
           }
-
-          dynamic "scope_down_statement" {
-            for_each = length(concat(rule.value["country_list"], rule.value["exempt_country_list"])) > 0 ? [1] : []
-            content {
-              dynamic "geo_match_statement" {
-                for_each = length(rule.value["country_list"]) > 0 ? [1] : []
-                content {
-                  country_codes = rule.value["country_list"]
-                }
-              }
-              dynamic "not_statement" {
-                for_each = length(rule.value["exempt_country_list"]) > 0 ? [1] : []
-                content {
-                  statement {
-                    geo_match_statement {
-                      country_codes = rule.value["exempt_country_list"]
-                    }
-                  }
-                }
-              }
-            }
-          }
         }
       }
       visibility_config {