I all,
I’m using the following versions
Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v5.14.0
And I’m trying to implement a wafv2_web_acl resource with the rules:
AWS-AWSManagedRulesAnonymousIpList
WSManagedRulesAmazonIpReputationList
and also adding a set ip of address to whitelist them, but I’m not able to achieve , what I’m tried is
resource "aws_wafv2_web_acl" "WafWebAcl" {
name = "wafv2-web-acl-${local.short_region_name}-${var.environment}-${var.project}"
scope = "REGIONAL"
default_action {
allow {
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "WAF_Common_Protections"
sampled_requests_enabled = true
}
rule {
name = "AWS-AWSManagedRulesAmazonIpReputationList"
priority = 2
override_action {
none {
}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesAmazonIpReputationList"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "AWS-AWSManagedRulesAmazonIpReputationList"
sampled_requests_enabled = true
}
}
rule {
name = "AWS-AWSManagedRulesAnonymousIpList"
priority = 3
override_action {
none {
}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesAnonymousIpList"
vendor_name = "AWS"
rule_action_override {
action_to_use {
allow {}
}
name = "HostingProviderIPList"
}
}
not_statement {
statement {
ip_set_reference_statement {
arn = aws_wafv2_ip_set.waf_ip_set.arn
}
}
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "AWS-AWSManagedRulesAnonymousIpList"
sampled_requests_enabled = true
}
}
}
Can anyone can help me with that ? I’m not sure how to add the not_statement for the ip_set
Thanks
Best regards