terraform-aws-waf-webaclv2
add: missing NOT regex_pattern_set_reference_statement dynamic blocks
Description
When using and_statement
within rate_based_statement
we cannot add negated regex_pattern_set_reference_statement
cause the corresponding dynamic block is missing.
Example:
rules = [
{
name = "example_rate_limit"
priority = "3"
action = "count"
visibility_config = {
cloudwatch_metrics_enabled = true
metric_name = "example_rate_limit"
sampled_requests_enabled = true
}
rate_based_statement = {
limit = 3000
aggregate_key_type = "IP"
scope_down_statement = {
and_statement = {
statements = [
{
byte_match_statement = {
field_to_match = {
single_header = {
name = "Host"
}
}
positional_constraint = "STARTS_WITH"
search_string = "example."
priority = 0
type = "NONE"
}
},
{
not_statement = {
regex_pattern_set_reference_statement = {
arn = aws_wafv2_regex_pattern_set.example.arn
field_to_match = {
uri_path = "{}"
}
priority = 0
type = "LOWERCASE"
}
}
}
]
}
}
}
}
]
produces:
+ rule {
+ name = "example_rate_limit"
+ priority = 3
+ action {
+ count {
}
}
+ statement {
+ rate_based_statement {
+ aggregate_key_type = "IP"
+ limit = 3000
+ scope_down_statement {
+ and_statement {
+ statement {
+ byte_match_statement {
+ positional_constraint = "STARTS_WITH"
+ search_string = "example."
+ field_to_match {
}
+ text_transformation {
+ priority = 0
+ type = "NONE"
}
}
}
+ statement {
+ not_statement {
+ statement {
}
}
}
}
}
}
}
Also added:
- `custom_key` block (was missing)
- `size_constraint_statement` block in `and_statement`
This seems to be working for me.
@Ohid25 ready for merge?