# WAF Module

Deploy AWS WAFv2 web ACLs with IP blocking, rate limiting, and rule priorities.

## What You'll Build
- WAFv2 IP set for blocked or allowed addresses
- Web ACL with rule ordering
- Rate-based rules for DDoS mitigation
- Geo-blocking rules
- SQL injection and XSS protection
- CloudWatch metrics and logging
## How to Use

```hcl
module "waf_alb" {
  source       = "github.com/nnthanh101/terraform-aws/modules/waf"
  web_acl_name = "alb-protection"
  scope        = "REGIONAL" # or "CLOUDFRONT"

  # IP set for blocking
  ip_set_name  = "blocked-ips"
  ip_addresses = [
    "192.0.2.1/32",
    "198.51.100.0/24"
  ]

  # Rules with priorities (lower number is evaluated first)
  rules = [
    {
      name     = "RateLimitRule"
      priority = 0
      action   = "BLOCK"
      limit    = 2000 # requests per 5 minutes
    },
    {
      name     = "AWSManagedRulesCommonRuleSet"
      priority = 1
      action   = "BLOCK"
    }
  ]

  # CloudWatch logging
  log_group_name = aws_cloudwatch_log_group.waf.name

  tags = {
    Environment = "prod"
  }
}
```
## Key Variables

| Variable | Type | Purpose |
|---|---|---|
| web_acl_name | string | WAF web ACL name |
| scope | string | REGIONAL (ALB/API Gateway) or CLOUDFRONT |
| ip_set_name | string | IP set for blocked/allowed IPs |
| ip_addresses | list(string) | CIDR blocks to block or allow |
| rules | list(object) | WAF rules with priority and action |
| log_group_name | string | CloudWatch log group for WAF logs |
| default_action | string | BLOCK or ALLOW (default action) |
## Outputs

| Output | Use Case |
|---|---|
| web_acl_arn | Associate with ALB, API Gateway, CloudFront |
| web_acl_id | CloudWatch metrics and monitoring |

## Rule Types
- IP Reputation List: AWS-managed rules for known bad actors
- AWS Managed Rules: Core rule set (SQL injection, XSS, etc.)
- Rate Limiting: Block IPs exceeding threshold
- Geo-Blocking: Block traffic from specific countries
- Custom Rules: Application-specific patterns
## Integration

- ALB: Associate WAF web ACL with ALB
- CloudFront: Web ACL created with `scope = "CLOUDFRONT"` for CloudFront distributions
- API Gateway: Protect REST APIs with WAF
## Monitoring
- CloudWatch Metrics: Requests blocked, allowed, counted
- CloudWatch Logs: Detailed request information for analysis
- AWS Console: Real-time traffic dashboard
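To make use of the CloudWatch Logs this module enables, the following added script (not part of the module) summarises WAFv2 log records by action and terminating rule and lists IPs blocked only by the rate-based `RateLimitRule` that the static IP set does not already cover. The log records and the CIDR list are constructed to match the README example.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample records in the JSON Lines shape WAFv2 writes to CloudWatch Logs.
# Only the fields this script reads are present; the IPs are documentation ranges.
SAMPLE_LOGS = "\n".join(json.dumps(r) for r in [
    {"timestamp": 1700000000000, "action": "BLOCK", "terminatingRuleId": "RateLimitRule",
     "httpRequest": {"clientIp": "203.0.113.7", "uri": "/login"}},
    {"timestamp": 1700000001000, "action": "BLOCK", "terminatingRuleId": "RateLimitRule",
     "httpRequest": {"clientIp": "203.0.113.7", "uri": "/login"}},
    {"timestamp": 1700000002000, "action": "BLOCK", "terminatingRuleId": "BlockedIPs",
     "httpRequest": {"clientIp": "198.51.100.25", "uri": "/"}},
    {"timestamp": 1700000003000, "action": "ALLOW", "terminatingRuleId": "Default_Action",
     "httpRequest": {"clientIp": "192.0.2.200", "uri": "/health"}},
    {"timestamp": 1700000004000, "action": "BLOCK", "terminatingRuleId": "AWSManagedRulesCommonRuleSet",
     "httpRequest": {"clientIp": "203.0.113.9", "uri": "/search"}},
])

# CIDRs from the module's ip_addresses variable (constructed to match the README example).
BLOCKED_CIDRS = ["192.0.2.1/32", "198.51.100.0/24"]


def in_ip_set(ip: str, cidrs) -> bool:
    """True if ip falls inside any CIDR of the configured IP set."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def summarize_waf_logs(log_text: str, blocked_cidrs):
    """Count actions and terminating rules; list rate-limited IPs the static IP set does not cover."""
    by_action, by_rule, blocked_ips = Counter(), Counter(), Counter()
    rate_limited_uncovered = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        ip = rec["httpRequest"]["clientIp"]
        by_action[rec["action"]] += 1
        by_rule[rec["terminatingRuleId"]] += 1
        if rec["action"] == "BLOCK":
            blocked_ips[ip] += 1
            # A rate-based block lapses once the request rate drops, so an IP that is
            # only ever caught by RateLimitRule is a candidate for review against the IP set.
            if rec["terminatingRuleId"] == "RateLimitRule" and not in_ip_set(ip, blocked_cidrs):
                rate_limited_uncovered.add(ip)
    return {"by_action": dict(by_action), "by_rule": dict(by_rule),
            "top_blocked": blocked_ips.most_common(3),
            "rate_limited_uncovered": sorted(rate_limited_uncovered)}


if __name__ == "__main__":
    print(json.dumps(summarize_waf_logs(SAMPLE_LOGS, BLOCKED_CIDRS), indent=2))
```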
## Source Reference

Module: terraform-aws/modules/waf