1 file changed +27 -0 lines changed
1
+ resource "aws_wafv2_ip_set" "internal_ips" {
2
+ name = " internal IPs"
3
+ scope = " REGIONAL"
4
+ ip_address_version = " IPV4"
5
+ addresses = [" 10.0.0.0/16" ]
6
+ }
1
7
resource "aws_wafv2_web_acl" "basic_protection" {
2
8
name = " private-alb-waf"
3
9
scope = " REGIONAL"
@@ -38,6 +44,27 @@ resource "aws_wafv2_web_acl" "basic_protection" {
38
44
}
39
45
}
40
46
47
+ rule {
48
+ name = " obi-allow-internal-traffic"
49
+ priority = 5
50
+
51
+ action {
52
+ allow {}
53
+ }
54
+
55
+ statement {
56
+ ip_set_reference_statement {
57
+ arn = aws_wafv2_ip_set. internal_ips . arn
58
+ }
59
+ }
60
+
61
+ visibility_config {
62
+ cloudwatch_metrics_enabled = false
63
+ metric_name = " obi_allow-internal-traffic"
64
+ sampled_requests_enabled = false
65
+ }
66
+ }
67
+
41
68
rule {
42
69
name = " aws-common-ruleset"
43
70
priority = 10
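Review bot: The new `obi-allow-internal-traffic` rule at priority 5 uses a terminating `allow {}` ahead of `aws-common-ruleset` (priority 10), so every request whose source address falls in 10.0.0.0/16 skips the managed rules entirely. Since the ACL is named `private-alb-waf`, that may be most or all of the traffic it sees, which is worth confirming against where the load balancer's clients actually sit. The rule's `visibility_config` also turns off both metrics and sampling, leaving the bypass with no record; I would set `cloudwatch_metrics_enabled = true` and `sampled_requests_enabled = true` here and narrow `addresses` to the specific subnets that need the exemption. A comment above the rule, such as `# Terminating allow: matching requests are not evaluated by later rules`, would make the ordering intent explicit. The `aws_wafv2_web_acl` block continues outside the lines shown.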