A Terraform module to configure Web Application Firewall (WAF) rules on Cloudflare https://www.cloudflare.com/waf/

mineiros-io/terraform-cloudflare-waf

terraform-cloudflare-waf

A Terraform module for creating and managing a Cloudflare Web Application Firewall resource.

This module supports Terraform version 0.14.7 up to (not including) version 2.0 and is compatible with the Terraform Cloudflare Provider version 3

This module is part of our Infrastructure as Code (IaC) framework that enables our users and customers to easily deploy and manage reusable, secure, and production-grade cloud infrastructure.

Module Features

This module implements the following Terraform resources:

  • cloudflare_waf_packages
  • cloudflare_waf_package
  • cloudflare_waf_group
  • cloudflare_waf_rule

Getting Started

Most common usage of the module:

module "terraform-cloudflare-waf" {
  source = "git@github.com:mineiros-io/terraform-cloudflare-waf.git?ref=v0.1.1"

  zone_id    = "zone-id"
  package_id = "package-id"
}

Module Argument Reference

See variables.tf and examples/ for details and use-cases.

Main Resource Configuration

  • zone_id: (Required string)

    The DNS zone ID to apply to.

  • package_id: (Required string)

    The WAF Package ID.

  • sensitivity: (Optional string)

    The sensitivity of the package, can be one of ['high', 'medium', 'low', 'off'].

  • action_mode: (Optional string)

    The action mode of the package, can be one of ['block', 'challenge', 'simulate'].

  • groups: (Optional list(group))

    A list of WAF groups.

    Default is [].

    Each group object in the list accepts the following attributes:

    • group_id: (Required string)

      The WAF Rule Group ID.

    • mode: (Required string)

      The mode of the group, can be one of ["on", "off"].

  • rules: (Optional list(rule))

    A list of WAF rules.

    Default is [].

    Each rule object in the list accepts the following attributes:

    • rule_id: (Required string)

      The WAF Rule ID.

    • mode: (Required string)

      The mode of the rule, can be one of ["block", "challenge", "default", "disable", "simulate"] or ["on", "off"] depending on the WAF Rule type.
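
A fuller invocation that sets every input listed above, as an added example that is not taken from the module's repository. The variable names, the module label "waf", the output name and all ID strings are placeholders chosen for illustration; the allowed values are the ones documented in this section.

```hcl
# Added example, not from the module's repository.
# All IDs below are placeholders; substitute the IDs of your own zone.

variable "cloudflare_zone_id" {
  type        = string
  description = "Zone to protect (placeholder variable name)."
}

variable "waf_package_id" {
  type        = string
  description = "WAF package to configure (placeholder variable name)."
}

module "waf" {
  source = "git@github.com:mineiros-io/terraform-cloudflare-waf.git?ref=v0.1.1"

  zone_id    = var.cloudflare_zone_id
  package_id = var.waf_package_id

  # Package-level settings. Starting in "simulate" lets you review what
  # would match before switching action_mode to "challenge" or "block".
  sensitivity = "high"
  action_mode = "simulate"

  # Rule groups are switched "on" or "off" as a whole.
  groups = [
    { group_id = "GROUP_ID_PLACEHOLDER", mode = "on" },
  ]

  # Per-rule overrides. The mode must come from the set that is valid for
  # that rule's type (block/challenge/default/disable/simulate, or on/off).
  rules = [
    { rule_id = "RULE_ID_PLACEHOLDER_1", mode = "block" },
    { rule_id = "RULE_ID_PLACEHOLDER_2", mode = "disable" },
  ]
}

# Surface the effective mode of every managed rule so that a review of the
# plan or state shows at a glance which rules are disabled or only simulated.
output "waf_rule_modes" {
  value = { for key, rule in module.waf.rules : key => rule.mode }
}
```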

Module Configuration

  • module_enabled: (Optional bool)

    Specifies whether resources in the module will be created.

    Default is true.

  • module_depends_on: (Optional list(dependency))

    A list of dependencies. Any object can be assigned to this list to define a hidden external dependency.

    Default is [].

    Example:

    module_depends_on = [
      null_resource.name
    ]

Module Outputs

The following attributes are exported in the outputs of the module:

  • package: (object(package))

    All cloudflare_waf_package resource attributes.

  • groups: (map(groups))

    All cloudflare_waf_group resource attributes.

  • rules: (map(rules))

    All cloudflare_waf_rule resource attributes.

  • module_enabled: (bool)

    Whether this module is enabled.

External Documentation

Cloudflare Documentation

Terraform AWS Provider Documentation

Module Versioning

This Module follows the principles of Semantic Versioning (SemVer).

Given a version number MAJOR.MINOR.PATCH, we increment the:

  1. MAJOR version when we make incompatible changes,
  2. MINOR version when we add functionality in a backwards compatible manner, and
  3. PATCH version when we make backwards compatible bug fixes.

Backwards compatibility in 0.0.z and 0.y.z versions

  • Backwards compatibility in versions 0.0.z is not guaranteed when z is increased. (Initial development)
  • Backwards compatibility in versions 0.y.z is not guaranteed when y is increased. (Pre-release)

About Mineiros

Mineiros is a remote-first company headquartered in Berlin, Germany that solves development, automation and security challenges in cloud infrastructure.

Our vision is to massively reduce time and overhead for teams to manage and deploy production-grade and secure cloud infrastructure.

We offer commercial support for all of our modules and encourage you to reach out if you have any questions or need help. Feel free to email us at [email protected] or join our Community Slack channel.

Reporting Issues

We use GitHub Issues to track community reported issues and missing features.

Contributing

Contributions are always encouraged and welcome! For the process of accepting changes, we use Pull Requests. If you'd like more information, please see our Contribution Guidelines.

Makefile Targets

This repository comes with a handy Makefile. Run make help to see details on each available target.

License

This module is licensed under the Apache License Version 2.0, January 2004. Please see LICENSE for full details.

Copyright © 2020-2022 Mineiros GmbH