Closed asininemonkey closed 3 months ago
You could declare your own aws_wafv2_web_acl_logging_configuration and set the logging filter, like so:

```hcl
logging_filter {
  default_behavior = "KEEP"

  filter {
    behavior = "DROP"

    condition {
      action_condition {
        action = "ALLOW"
      }
    }

    requirement = "MEETS_ALL"
  }
}
```
This has been my workaround for a while now using this module.
While that is a brilliant solution, having just tried it myself I see that my resource gets reverted by the module's own aws_wafv2_web_acl_logging_configuration.main[0] resource. Running apply numerous times just results in a ping pong replacement of one resource over the other.
Being able to control the module's own logging filter still appears to be the best solution unless the ping pong issue I've just described can also be solved.
It's hard to say more without first seeing your plan. My best guess without looking is that you may need/want to do some terraform state maneuvering.
**Is your feature request related to a problem? Please describe.** Enabling logging logs all requests

**Describe the solution you'd like** Option to log only BLOCK requests

**Describe alternatives you've considered** No other option beyond declaring the entire WAF resource myself

**Additional context** N/A
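
The "log only BLOCK requests" behaviour requested above, written as a standalone logging configuration. This is an added example, not code from the issue or from the module; the variable `web_acl_arn`, the resource names and the log group name are assumptions chosen for illustration.

```hcl
# Added example: all names below are placeholders, not the module's own.
variable "web_acl_arn" {
  description = "ARN of the web ACL to attach logging to (assumed input)"
  type        = string
}

# WAF requires log destination names to start with "aws-waf-logs-".
resource "aws_cloudwatch_log_group" "waf" {
  name              = "aws-waf-logs-example"
  retention_in_days = 30
}

resource "aws_wafv2_web_acl_logging_configuration" "blocked_only" {
  resource_arn            = var.web_acl_arn
  log_destination_configs = [aws_cloudwatch_log_group.waf.arn]

  logging_filter {
    # Drop every request that no filter below explicitly keeps.
    default_behavior = "DROP"

    filter {
      behavior    = "KEEP"
      requirement = "MEETS_ANY"

      condition {
        action_condition {
          action = "BLOCK"
        }
      }
    }
  }
}
```

Unlike the `KEEP`-by-default filter quoted in the thread, which still logs every non-ALLOW action, this one records BLOCK decisions only. A web ACL holds a single logging configuration, so this resource cannot coexist with another one managing logging for the same ACL.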