feat: enable logging

ministryofjustice · Oct 9, 2024 · 99ec5fb · 99ec5fb
1 parent 2b128d9
commit 99ec5fb
Showing 1 changed file with 4 additions and 70 deletions.
diff --git a/terraform/environments/delius-jitbit/waf.tf b/terraform/environments/delius-jitbit/waf.tf
@@ -1,71 +1,3 @@
-# resource "aws_wafv2_web_acl" "this" {
-#   name        = "${local.application_name}-acl"
-#   description = "Web ACL for ${local.application_name}"
-#   scope       = "REGIONAL"
-#   default_action {
-#     allow {}
-#   }
-#   rule {
-#     name     = "AWSManagedRulesCommonRuleSet"
-#     priority = 0
-#     override_action {
-#       # Dont do anything but count requests that match the rules in the ruleset
-#       count {}
-#     }
-#     statement {
-#       managed_rule_group_statement {
-#         name        = "AWSManagedRulesCommonRuleSet"
-#         vendor_name = "AWS"
-#       }
-#     }
-#     visibility_config {
-#       cloudwatch_metrics_enabled = true
-#       metric_name                = "${local.application_name}-common-ruleset"
-#       sampled_requests_enabled   = true
-#     }
-#   }
-#   rule {
-#     name     = "AWSManagedRulesSQLiRuleSet"
-#     priority = 1
-#     override_action {
-#       # Dont do anything but count requests that match the rules in the ruleset
-#       count {}
-#     }
-#     statement {
-#       managed_rule_group_statement {
-#         name        = "AWSManagedRulesSQLiRuleSet"
-#         vendor_name = "AWS"
-#       }
-#     }
-#     visibility_config {
-#       cloudwatch_metrics_enabled = true
-#       metric_name                = "${local.application_name}-SQLi-ruleset"
-#       sampled_requests_enabled   = true
-#     }
-#   }
-
-#   tags = local.tags
-#   visibility_config {
-#     cloudwatch_metrics_enabled = true
-#     metric_name                = "${local.application_name}-waf-metrics"
-#     sampled_requests_enabled   = true
-#   }
-# }
-# resource "aws_wafv2_web_acl_association" "this" {
-#   resource_arn = aws_lb.external.arn
-#   web_acl_arn  = aws_wafv2_web_acl.this.arn
-# }
-
-# resource "aws_cloudwatch_log_group" "waf" {
-#   name              = "aws-waf-logs-${local.application_name}"
-#   retention_in_days = 60
-#   tags              = local.tags
-# }
-# resource "aws_wafv2_web_acl_logging_configuration" "waf" {
-#   log_destination_configs = [aws_cloudwatch_log_group.waf.arn]
-#   resource_arn            = aws_wafv2_web_acl.this.arn
-# }
-
 module "shield" {
   source = "../../modules/shield_advanced"
 
@@ -75,6 +7,8 @@ module "shield" {
 
   application_name = local.application_name
 
+  enable_logging = true
+
   resources = {
     alb = {
       arn = aws_lb.external.arn
@@ -128,9 +62,9 @@ data "external" "shield_waf" {
 }
 
 locals {
-  arn = split("regional/webacl/", data.external.shield_waf.result["arn"])[1]
+  split_arn = split("regional/webacl/", data.external.shield_waf.result["arn"])[1]
   name = data.external.shield_waf.result["name"]
-  id = split("/", local.arn)[1]
+  id = split("/", local.split_arn)[1]
   scope = "REGIONAL"
 
 }