hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Add aws_waf_rule_attach so rules can be attached later. #6198

Open digitalfiz opened 6 years ago

digitalfiz commented 6 years ago

Description

Add an aws_waf_rule_attach resource so rules can be attached to groups or ACLs directly later. Kind of like how security groups work, where you can choose to add ingress or egress rules directly in the sg resource or attach them later.

New or Affected Resource(s)

Potential Terraform Configuration

resource "aws_waf_rule" "example" {
  name        = "example"
  metric_name = "example"
}

resource "aws_waf_web_acl" "waf_acl" {
  name        = "tfWebACL"
  metric_name = "tfWebACL"

  default_action {
    type = "ALLOW"
  }
}

resource "aws_waf_rule_attach" "waf_acl_attach" {
  action {
    type = "BLOCK"
  }

  priority   = 1
  rule_id    = aws_waf_rule.example.id
  web_acl_id = aws_waf_web_acl.waf_acl.id
  type       = "REGULAR"
}

References

none that I could find

manali14 commented 5 years ago

Is there any update on this? We have a similar requirement and are looking for a workaround.

github-actions[bot] commented 3 years ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

digitalfiz commented 3 years ago

I think these bot actions that mark issues as stale are the reason why so many issues have people just commenting +1 on them. Inaction on the devs' part does not signify a problem has just magically gone away.

SharkofMirkwood commented 2 years ago

I know this is an old issue, but I'd like to add a +1 here. There is a pretty big use case for this: ACLs created by the Firewall Manager that need to have additional rules added at a more granular level. The only way to handle this atm is to import the resources into the TF state after the Firewall Manager has created them, which is quite tedious.

a-weiss-programmer commented 7 months ago

Adding a +1 here. The workflow for importing this into terraform and working with it is quite annoying, and even when imported, it makes it very difficult to add rules in a maintainable or repeatable way across multiple deployments.