I’m using a fork of https://github.com/traveloka/terraform-aws-waf-owasp-top-10-rules that I have here: https://github.com/masterpointio/terraform-aws-waf-owasp-top-10-rules
It recently started acting as if my module.fronting_waf.module.owasp_top_10_rules.aws_waf_sql_injection_match_set.owasp_01_sql_injection_set[0] resource needs to be changed every time. This is obviously an issue with many terraform resources due to the ordering complexity, but I’m wondering if there is anything I can do about this one in particular. Nothing is dynamic in that resource declaration and it’s doing this all of a sudden without any changes to that resource specifically.
Here is the tf plan log:
module.fronting_waf.module.owasp_top_10_rules.aws_waf_sql_injection_match_set.owasp_01_sql_injection_set[0] will be updated in-place
~ resource "aws_waf_sql_injection_match_set" "owasp_01_sql_injection_set" {
id = "abc63b18-c9bc-4ecd-8a32-d0ac91261604"
name = "waf-owasp-01-detect-sql-injection-1ad18523df015a96"
- sql_injection_match_tuples {
- text_transformation = "HTML_ENTITY_DECODE" -> null
- field_to_match {
- type = "BODY" -> null
}
}
- sql_injection_match_tuples {
- text_transformation = "URL_DECODE" -> null
- field_to_match {
- type = "BODY" -> null
}
}
- sql_injection_match_tuples {
- text_transformation = "HTML_ENTITY_DECODE" -> null
- field_to_match {
- type = "QUERY_STRING" -> null
}
}
- sql_injection_match_tuples {
- text_transformation = "URL_DECODE" -> null
- field_to_match {
- type = "QUERY_STRING" -> null
}
}
- sql_injection_match_tuples {
- text_transformation = "HTML_ENTITY_DECODE" -> null
- field_to_match {
- type = "URI" -> null
}
}
- sql_injection_match_tuples {
- text_transformation = "URL_DECODE" -> null
- field_to_match {
- type = "URI" -> null
}
}
+ sql_injection_match_tuples {
+ text_transformation = "HTML_ENTITY_DECODE"
+ field_to_match {
+ data = "Authorization"
+ type = "HEADER"
}
}
+ sql_injection_match_tuples {
+ text_transformation = "URL_DECODE"
+ field_to_match {
+ data = "Authorization"
+ type = "HEADER"
}
}
- sql_injection_match_tuples {
- text_transformation = "HTML_ENTITY_DECODE" -> null
- field_to_match {
- data = "authorization" -> null
- type = "HEADER" -> null
}
}
- sql_injection_match_tuples {
- text_transformation = "URL_DECODE" -> null
- field_to_match {
- data = "authorization" -> null
- type = "HEADER" -> null
}
}
+ sql_injection_match_tuples {
+ text_transformation = "HTML_ENTITY_DECODE"
+ field_to_match {
+ type = "BODY"
}
}
+ sql_injection_match_tuples {
+ text_transformation = "URL_DECODE"
+ field_to_match {
+ type = "BODY"
}
}
+ sql_injection_match_tuples {
+ text_transformation = "HTML_ENTITY_DECODE"
+ field_to_match {
+ type = "QUERY_STRING"
}
}
+ sql_injection_match_tuples {
+ text_transformation = "URL_DECODE"
+ field_to_match {
+ type = "QUERY_STRING"
}
}
+ sql_injection_match_tuples {
+ text_transformation = "HTML_ENTITY_DECODE"
+ field_to_match {
+ type = "URI"
}
}
+ sql_injection_match_tuples {
+ text_transformation = "URL_DECODE"
+ field_to_match {
+ type = "URI"
}
}
}
Any thoughts or suggestions on things to try would be much appreciated. Thanks!
