Hi guys, I’ve been stuck on this for several days. Could you please advise how to solve it?
I have two web ACLs, lb1 and lb2, and I want to attach the AWS managed rule groups to lb1 ONLY. I tried adding a second dynamic block inside the dynamic "rule" block to restrict it to the web ACL whose name is lb1, but that failed. Any advice will be much appreciated.
variable.web_acl=[{name=lb1, action=block}, {name=lb2, action=block}]
resource "aws_wafv2_web_acl" "example" {
for_each = { for web_acl in var.web_acl : web_acl.name => web_acl }
name = "${each.value.name}-web-acl"
description = "Web ACL for ${each.value.name}"
scope = "REGIONAL"
default_action {
dynamic "allow" {
for_each = each.value.action == "allow" ? [""] : []
content {
}
}
dynamic "block" {
for_each = each.value.action == "block" ? [""] : []
content {
}
}
}
dynamic "rule" {
for_each = var.aws_managed_rules
content {
name = rule.value.name
priority = rule.value.priority
override_action {
count {}
}
statement {
managed_rule_group_statement {
name = rule.value.managed_rule_group_statement_name
vendor_name = rule.value.managed_rule_group_statement_vendor_name
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = rule.value.metric_name
sampled_requests_enabled = true
}
}
}