variables.tf
### Variables ###
# Region input. It has no default, so every caller of this module must set it.
variable "aws_region" {
type = "string"
}
# Stack name used as a prefix. It has no default, so it is required.
variable "stack_prefix" {
type = "string"
description = "Stack name"
}
# Declared as a list even though the description is singular.
# NOTE(review): presumably one entry per load balancer the WAF is associated
# with; confirm against the resources that read var.alb_arn.
variable "alb_arn" {
type = "list"
description = "ARN of Application Load Balancer"
}
# Protection toggles. These are strings, not booleans: the locals block in this
# file enables a component only when the value is exactly "yes". Any other
# value ("Yes", "true", a typo) evaluates to 0 and the component is left off.
# No validation of the allowed values is visible in this file, so a mistyped
# value disables a protection without any error.

# SQL injection rule toggle; on by default.
variable "SqlInjectionProtectionParam" {
"type" = "string"
"default" = "yes"
"description" = "Choose yes to enable the component designed to block common SQL injection attacks. AllowedValues: yes, no"
}
# Cross-site scripting rule toggle; on by default.
variable "CrossSiteScriptingProtectionParam" {
"type" = "string"
"default" = "yes"
"description" = "Choose yes to enable the component designed to block common XSS attacks. AllowedValues: yes, no"
}
# HTTP flood (rate-based) protection toggle; on by default.
# RequestThreshold in this file is the related tuning value.
variable "ActivateHttpFloodProtectionParam" {
"type" = "string"
"default" = "yes"
"description" = "Choose yes to enable the component designed to block HTTP flood attacks. AllowedValues: yes, no"
}
# Scanner/probe protection toggle; on by default. The locals block also derives
# LogParserActivated from this same variable.
variable "ActivateScansProbesProtectionParam" {
"type" = "string"
"default" = "yes"
"description" = "Choose yes to enable the component designed to block scanners and probes. AllowedValues: yes, no"
}
# Reputation-list blocking toggle; on by default. Block decisions then depend on
# the third-party lists named in the description, which this module does not
# control.
# NOTE(review): confirm how the lists are fetched and refreshed, and how a false
# positive is overridden (see WAFWhitelistedIPSets).
variable "ActivateReputationListsProtectionParam" {
"type" = "string"
"default" = "yes"
"description" = "Choose yes to block requests from IP addresses on third-party reputation lists (supported lists: spamhaus, torproject, and emergingthreats). AllowedValues: yes, no"
}
# The only protection toggle in this file that defaults to "no".
# NOTE(review): confirm that leaving bad-bot blocking off by default is
# intended, and document what enabling it requires.
variable "ActivateBadBotProtectionParam" {
"type" = "string"
"default" = "no"
"description" = "Choose yes to enable the component designed to block bad bots and content scrapers. AllowedValues: yes, no"
}
# Name of the S3 bucket that receives ALB access logs. It has no default, so it
# is required. Per the description, the bucket may be an existing one, and its
# notification configuration is modified to trigger the log parser Lambda.
# Pointing this at a shared bucket therefore changes that bucket's
# notifications.
# ALB access logs record client addresses and request lines, so the bucket
# should be private and have a retention policy.
# NOTE(review): bucket policy, encryption and public-access settings are not
# visible in this file; confirm them where the bucket is defined.
# NOTE(review): the description links through a URL shortener over plain HTTP;
# consider pointing at the canonical documentation URL instead.
variable "AccessLogBucket" {
"type" = "string"
"description" = "(Required) Enter a name for the Amazon S3 bucket where you want to store Amazon ALB access logs. This can be the name of either an existing S3 bucket, or a new bucket that the template will create during stack launch (if it does not find a matching bucket name). The solution will modify the bucket's notification configuration to trigger the Log Parser AWS Lambda function whenever a new log file is saved in this bucket. More about bucket name restriction here: http://amzn.to/1p1YlU5"
}
# Usage reporting is opt-out: the default is "yes".
# NOTE(review): the description tells the user to select "No", while the allowed
# values are lower-case "yes"/"no". How this variable is compared is not visible
# in this file; confirm that the documented opt-out value really disables
# reporting.
variable "SendAnonymousUsageData" {
"type" = "string"
"default" = "yes"
"description" = "Send anonymous data to AWS to help us understand solution usage across our customer base as a whole. To opt out of this feature, select No. AllowedValues: yes, no"
}
# Tuning values for the flood and scanner/probe protections. All three are
# numbers carried as strings. The MinValue figures in the descriptions are
# documentation only: nothing visible in this file enforces them, so an
# out-of-range value is passed through unchanged.

# Maximum requests per five-minute period per IP address before the HTTP flood
# protection acts. Per the description, it matters only when
# ActivateHttpFloodProtectionParam is "yes".
variable "RequestThreshold" {
"type" = "string"
"default" = "2000"
"description" = "If you chose yes for the Activate HTTP Flood Protection parameter, enter the maximum acceptable requests per FIVE-minute period per IP address. Minimum value of 2000. If you chose to deactivate this protection, ignore this parameter. MinValue=2000"
}
# Maximum bad requests per minute per IP for the scanner/probe protection.
# NOTE(review): what counts as a "bad request" is decided by the log parser,
# which is not visible in this file.
variable "ErrorThreshold" {
"type" = "string"
"default" = "50"
"description" = "If you chose yes for the Activate Scanners & Probes Protection parameter, enter the maximum acceptable bad requests per minute per IP. If you chose to deactivate Scanners & Probes protection, ignore this parameter. MinValue=0"
}
# How long, in minutes, an offending IP address stays blocked. The default of
# 240 is four hours.
variable "WAFBlockPeriod" {
"type" = "string"
"default" = "240"
"description" = "If you chose yes for the Activate Scanners & Probes Protection parameters, enter the period (in minutes) to block applicable IP addresses. If you chose to deactivate this protection, ignore this parameter. MinValue=0"
}
# Allow-list input. It has no default, so the caller must pass a list, which may
# be empty.
# NOTE(review): the name says "IP sets" but the description says "IP addresses";
# confirm whether entries are IP set identifiers or addresses/CIDR ranges.
# NOTE(review): allow-listed sources presumably bypass the blocking rules, so
# keep entries narrow and review them periodically; confirm rule ordering where
# this list is consumed.
variable "WAFWhitelistedIPSets" {
"type" = "list"
"description" = "List of Whitelisted IP addresses"
}
### Data ###
# Looks up the identity (account ID and related attributes) of the credentials
# Terraform is running with.
data "aws_caller_identity" "current" {}
# Generates a 32-character random string with special characters disabled.
# random_string results are stored in the Terraform state in plain text.
# NOTE(review): where this value is used is not visible in this file; treat it
# as an identifier, not as a secret.
resource "random_string" "UniqueID" {
length = 32
special = false
}
### Conditions ###
# Turns each "yes"/"no" toggle into 1 or 0.
# NOTE(review): presumably these are used as `count` on the matching resources;
# confirm in the resource files.
# The comparison is an exact, case-sensitive match on "yes". Any other value
# yields 0, so a mistyped toggle turns the protection off instead of failing the
# plan. Check the plan output after changing any of these variables.
locals {
SqlInjectionProtectionActivated = "${var.SqlInjectionProtectionParam == "yes" ? 1 : 0}"
CrossSiteScriptingProtectionActivated = "${var.CrossSiteScriptingProtectionParam == "yes" ? 1 : 0}"
HttpFloodProtectionActivated = "${var.ActivateHttpFloodProtectionParam == "yes" ? 1 : 0}"
ScansProbesProtectionActivated = "${var.ActivateScansProbesProtectionParam == "yes" ? 1 : 0}"
ReputationListsProtectionActivated = "${var.ActivateReputationListsProtectionParam == "yes" ? 1 : 0}"
BadBotProtectionActivated = "${var.ActivateBadBotProtectionParam == "yes" ? 1 : 0}"
# The log parser follows the scanner/probe toggle: it reads the same variable as
# ScansProbesProtectionActivated above and has no switch of its own.
LogParserActivated = "${var.ActivateScansProbesProtectionParam == "yes" ? 1 : 0}"
}