My WAF SQL injection match set resource is changing on each plan/apply. Trying to understand why

I’m using a fork of https://github.com/traveloka/terraform-aws-waf-owasp-top-10-rules that I have here: https://github.com/masterpointio/terraform-aws-waf-owasp-top-10-rules

It recently started acting as if my module.fronting_waf.module.owasp_top_10_rules.aws_waf_sql_injection_match_set.owasp_01_sql_injection_set[0] resource needs to be changed every time. This is obviously an issue with many terraform resources due to the ordering complexity, but I’m wondering if there is anything I can do about this one in particular. Nothing is dynamic in that resource declaration and it’s doing this all of a sudden without any changes to that resource specifically.

Here is the tf plan log:

module.fronting_waf.module.owasp_top_10_rules.aws_waf_sql_injection_match_set.owasp_01_sql_injection_set[0] will be updated in-place
  ~ resource "aws_waf_sql_injection_match_set" "owasp_01_sql_injection_set" {
        id   = "abc63b18-c9bc-4ecd-8a32-d0ac91261604"
        name = "waf-owasp-01-detect-sql-injection-1ad18523df015a96"

      - sql_injection_match_tuples {
          - text_transformation = "HTML_ENTITY_DECODE" -> null

          - field_to_match {
              - type = "BODY" -> null
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "URL_DECODE" -> null

          - field_to_match {
              - type = "BODY" -> null
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "HTML_ENTITY_DECODE" -> null

          - field_to_match {
              - type = "QUERY_STRING" -> null
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "URL_DECODE" -> null

          - field_to_match {
              - type = "QUERY_STRING" -> null
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "HTML_ENTITY_DECODE" -> null

          - field_to_match {
              - type = "URI" -> null
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "URL_DECODE" -> null

          - field_to_match {
              - type = "URI" -> null
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "HTML_ENTITY_DECODE"

          + field_to_match {
              + data = "Authorization"
              + type = "HEADER"
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "URL_DECODE"

          + field_to_match {
              + data = "Authorization"
              + type = "HEADER"
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "HTML_ENTITY_DECODE" -> null

          - field_to_match {
              - data = "authorization" -> null
              - type = "HEADER" -> null
            }
        }
      - sql_injection_match_tuples {
          - text_transformation = "URL_DECODE" -> null

          - field_to_match {
              - data = "authorization" -> null
              - type = "HEADER" -> null
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "HTML_ENTITY_DECODE"

          + field_to_match {
              + type = "BODY"
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "URL_DECODE"

          + field_to_match {
              + type = "BODY"
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "HTML_ENTITY_DECODE"

          + field_to_match {
              + type = "QUERY_STRING"
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "URL_DECODE"

          + field_to_match {
              + type = "QUERY_STRING"
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "HTML_ENTITY_DECODE"

          + field_to_match {
              + type = "URI"
            }
        }
      + sql_injection_match_tuples {
          + text_transformation = "URL_DECODE"

          + field_to_match {
              + type = "URI"
            }
        }
    }

Any thoughts or suggestions on things to try would be much appreciated. Thanks!


I have the same issue with my terraform code :frowning:

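The plan in the question removes and re-adds every tuple, which hides what actually differs. As an added example (not part of the original posts or the module's code), this Python script cancels identical remove/re-add pairs in plan text and reports what is left; applied to the plan above, only the `authorization` / `Authorization` header tuples remain. All function names and the sample input are constructed for illustration.

```python
import re
from collections import Counter

START = re.compile(r'^\s*([+-])\s+sql_injection_match_tuples\s*\{')
ATTR = re.compile(r'^\s*([+-])\s+(\w+)\s*=\s*"([^"]*)"')

def parse_tuples(plan_text):
    """Return (removed, added) Counters keyed by (transformation, type, data)."""
    blocks = []
    for line in plan_text.splitlines():
        if m := START.match(line):
            blocks.append((m.group(1), {}))
        elif blocks and (m := ATTR.match(line)):
            blocks[-1][1][m.group(2)] = m.group(3)
    removed, added = Counter(), Counter()
    for sign, a in blocks:
        key = (a.get("text_transformation"), a.get("type"), a.get("data"))
        (added if sign == "+" else removed)[key] += 1
    return removed, added

def net_changes(plan_text):
    """Tuples left over once identical remove/re-add pairs cancel out."""
    removed, added = parse_tuples(plan_text)
    return (sorted((removed - added).elements(), key=str),
            sorted((added - removed).elements(), key=str))

def case_only(plan_text):
    """True if the leftover difference disappears when `data` is lowercased."""
    rem, add = net_changes(plan_text)
    fold = lambda ts: sorted((t, ty, (d or "").lower()) for t, ty, d in ts)
    return bool(rem) and fold(rem) == fold(add)

def _tuple(sign, transform, ftype, data=None):
    # Constructed sample: renders one tuple in the shape of the plan output above.
    null = " -> null" if sign == "-" else ""
    data_line = f'              {sign} data = "{data}"{null}\n' if data else ""
    return (f'      {sign} sql_injection_match_tuples {{\n'
            f'          {sign} text_transformation = "{transform}"{null}\n\n'
            f'          {sign} field_to_match {{\n{data_line}'
            f'              {sign} type = "{ftype}"{null}\n            }}\n        }}\n')

SAMPLE_PLAN = "".join([
    _tuple("-", "URL_DECODE", "BODY"),
    _tuple("+", "URL_DECODE", "HEADER", "Authorization"),
    _tuple("-", "URL_DECODE", "HEADER", "authorization"),
    _tuple("+", "URL_DECODE", "BODY"),
])

if __name__ == "__main__":
    print(net_changes(SAMPLE_PLAN), case_only(SAMPLE_PLAN))
```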