hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.8k stars 9.15k forks

No Geo match Conditions on AWS WAF #2529

Closed moonyoungheo closed 6 years ago

moonyoungheo commented 6 years ago

Hi there,

Issue

I am trying to set Geo match condition on AWS WAF through Terraform but I cannot find any document and resources about it. Could I set Geo match condition on AWS WAF through Terraform?

Terraform Version

v0.10.6

Affected Resource(s)

aws_waf_web_acl, aws_waf_rule

apparentlymart commented 6 years ago

Hi @moonyoungheo!

Geographic Matching is a relatively new feature in WAF added in October, and unfortunately Terraform has not yet been updated to support it.

The Terraform team at HashiCorp won't be able to work on this in the near future due to our focus being elsewhere, but we'd be happy to review a pull request if you or someone else has the time and motivation to implement it. Alternatively, if others would also like to see this implemented I'd encourage adding a :+1: upvote reaction to the original issue comment (not to this comment), which we use as one of the inputs to prioritize work for the Terraform team.

mikesouza commented 6 years ago

@apparentlymart

The Terraform team at HashiCorp won't be able to work on this in the near future due to our focus being elsewhere, but we'd be happy to review a pull request if you or someone else has the time and motivation to implement it. Alternatively, if others would also like to see this implemented I'd encourage adding a 👍 upvote reaction to the original issue comment (not to this comment), which we use as one of the inputs to prioritize work for the Terraform team.

Understandable, thanks for your hard work. I've implemented geo matching in PR #3275, awaiting review.
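For readers who want to see what geo matching looks like on a global WAF web ACL, here is an added example (not taken from this thread or from PR #3275) of a country allow-list: the rule allows requests matching the geo match set and the web ACL blocks everything else. It assumes the provider's `aws_waf_geo_match_set` resource and the `GeoMatch` predicate type on `aws_waf_rule`; all resource labels, names and metric names are made up.

```hcl
# Added example: country allow-list on a global WAF web ACL.
# Resource labels, names and metric names are made up for illustration.

resource "aws_waf_geo_match_set" "allowed_countries" {
  name = "allowed-countries"

  geo_match_constraint {
    type  = "Country"
    value = "AR"
  }
}

resource "aws_waf_rule" "allow_listed_countries" {
  name        = "allow-listed-countries"
  metric_name = "allowListedCountries"

  # negated = false: the rule matches requests that originate from a
  # country in the set. Setting negated = true would invert the match.
  predicates {
    data_id = "${aws_waf_geo_match_set.allowed_countries.id}"
    negated = false
    type    = "GeoMatch"
  }
}

resource "aws_waf_web_acl" "geo_restricted" {
  name        = "geo-restricted"
  metric_name = "geoRestricted"

  # Requests that do not match the allow rule below are blocked.
  default_action {
    type = "BLOCK"
  }

  rules {
    priority = 1
    rule_id  = "${aws_waf_rule.allow_listed_countries.id}"

    action {
      type = "ALLOW"
    }
  }
}
```

The same policy can be written the other way round (default action `ALLOW`, rule with `negated = true` and action `BLOCK`); which form is safer depends on whether an unmatched request should fail open or closed.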

mikesouza commented 6 years ago

Why would that matter? The TF AWS Provider doesn't use CloudFormation, it uses the AWS SDK which does support WAF Geo Matchsets.

On Tue, Mar 13, 2018 at 5:31 PM Thomas Steffes notifications@github.com wrote:

FWIW for others that find their way here -- It looks like AWS Cloudformation doesn't support WAF geo matchers yet, so that might be the true source of the issue.

dcohan commented 6 years ago

Hi there, I'm having problems with this option not being implemented in wafregional, was this part of the scope? Thanks

mikesouza commented 6 years ago

Unfortunately no, I only implemented this for global WAF WebACLs.

I would create another feature request for regional WAF support.

EDIT: Nevermind, looks like someone implemented it for wafregional as well :).

radeksimko commented 6 years ago

aws_wafregional_geo_match_set is already implemented and part of the latest release: https://www.terraform.io/docs/providers/aws/r/wafregional_geo_match_set.html

We just need to fix the incorrectly formatted docs 🙈

dcohan commented 6 years ago

I saw the doc, but the rule for that cannot be applied.

-- David Cohan

radeksimko commented 6 years ago

@dcohan I'm not sure I follow, but it sounds like a reason for opening a new issue.

dcohan commented 6 years ago

So, I'm trying to create a geo rule like this:

resource "aws_wafregional_geo_match_set" "geo_match_set" {
  name = "geo_match_set"

  geo_match_constraint {
    type  = "Country"
    value = "AR"
  }
}

resource "aws_wafregional_rule" "georule" {
  depends_on  = ["aws_wafregional_geo_match_set.geo_match_set"]
  name        = "${var.group}-${var.environment}-waf-geo-rule"
  metric_name = "${var.group}${var.environment}wafgeorule"

  predicate {
    data_id = "${aws_wafregional_geo_match_set.geo_match_set.id}"
    negated = false
    type    = "GeoMatch"
  }
}

First I create a match set limiting access to Argentina only, then add that match to a rule with type = "GeoMatch", and I'm having an error about the type = "GeoMatch" not being available yet.

-- David Cohan

radeksimko commented 6 years ago

@dcohan Yeah, I think we don't have this field implemented in aws_wafregional_rule. Can you open a new issue for this, please?

The formatting is now fixed btw. https://www.terraform.io/docs/providers/aws/r/wafregional_geo_match_set.html

dcohan commented 6 years ago

Thanks Radek, I've opened a ticket for this already:

https://github.com/terraform-providers/terraform-provider-aws/issues/4039

Again, thanks for taking time for this!

-- David Cohan

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!