AWS Managed Rules for AWS WAF #11046

Closed
ewbankkit opened this issue Nov 27, 2019 · 9 comments
Labels
new-data-source Introduces a new data source. service/wafv2 Issues and PRs that pertain to the wafv2 service.

@ewbankkit
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS WAF announces AWS Managed Rules (AMRs), a set of AWS WAF rules curated and maintained by the AWS Threat Research Team.

New or Affected Resource(s)

  • aws_XXXXX

Potential Terraform Configuration

```hcl
# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.
```

References

Announcement.
Blog post.

New API version, wafv2; See aws/aws-sdk-go#2976.

Requires AWS SDK v1.25.42:

@ewbankkit ewbankkit added the enhancement Requests to existing resources that expand the functionality or scope. label Nov 27, 2019
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Nov 27, 2019
@bflad bflad added new-data-source Introduces a new data source. service/wafv2 Issues and PRs that pertain to the wafv2 service. and removed enhancement Requests to existing resources that expand the functionality or scope. needs-triage Waiting for first response or review from a maintainer. labels Dec 2, 2019
bflad added a commit that referenced this issue Dec 6, 2019
Reference: #11046

Following the [Contributing Guide](https://github.com/terraform-providers/terraform-provider-aws/blob/master/.github/CONTRIBUTING.md#new-service).

Output from acceptance testing:

```
--- PASS: TestAccAWSProvider_Endpoints_Deprecated (3.08s)
--- PASS: TestAccAWSProvider_Endpoints (3.10s)
```
@bflad
Contributor

bflad commented Dec 6, 2019

Submitted the wafv2 service client and tagging implementation to kick things off here: #11172

I believe WAFv2 APIs are wholly independent of previous WAF "Classic" resources, so this issue may need to turn into multiple feature requests to support other WAFv2 resources as well like Web ACL for parity with the previous ones.

@bflad
Contributor

bflad commented Dec 6, 2019

Split out other related WAFv2 feature requests:

In WAFv2 it appears that referencing managed rules is based on name and vendor name arguments that live inside the much more complicated (compared to WAF Classic) rule structure, which you can see in #11175 and #11176.

As for this feature request issue, I'm not sure if we should keep those open to track overall WAFv2 implementation, close it in preference of the split out issues, or if there's much benefit to having something akin to the below since the name/vendor lookup is the same (and not like the references need to be ARNs or some other identifier):

```hcl
data "aws_wafv2_managed_rule_group" "example" {
  name        = ""
  scope       = ""
  vendor_name = ""
}
```

@wgorski

wgorski commented Apr 7, 2020

I'm very happy to see that this is being implemented. Is this planned for any specific version?

@pvanbuijtene
Contributor

@wgorski I don't think so, next step is getting the PRs to be reviewed.

@maryelizbeth
Contributor

Hi Y’all!

Due to the significant community interest in support for this service, we will be focusing on enabling existing contributions to be merged. Where a community-sourced pull request is missing, the HashiCorp team will add support.

We appreciate all the contributions and feedback thus far!

Look out for WAFv2 support to be within the next few releases!

@maryelizbeth maryelizbeth added this to the Roadmap milestone May 19, 2020
@itsSaad

itsSaad commented Jun 19, 2020

We have started using the aws_wafv2_webacl resource now that it's released with 2.67.0. Nice work, community.
It seems that we are missing the PutLoggingConfiguration functionality on a wafv2 webacl. Is this something we plan to deliver soon or any plans for it?

@breathingdust
Member

Hi @itsSaad! 👋

Support for logging configuration has just been released in v2.68.0 of the provider via the aws_wafv2_web_acl_logging_configuration resource. 🎉
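
Added example, not part of the thread or of the provider's own documentation: a Terraform sketch of the two points discussed above, referencing an AWS managed rule group by name and vendor name inside a `aws_wafv2_web_acl` rule, and attaching the `aws_wafv2_web_acl_logging_configuration` resource so matches are recorded. The resource labels, metric names and the `firehose_arn` variable are placeholders chosen for illustration.

```hcl
# Added example; "example" labels, metric names and var.firehose_arn are placeholders.
variable "firehose_arn" {
  type = string # Firehose delivery stream; its name must start with "aws-waf-logs-"
}

resource "aws_wafv2_web_acl" "example" {
  name  = "example-managed-rules"
  scope = "REGIONAL" # "CLOUDFRONT" for CloudFront distributions

  default_action {
    allow {}
  }

  rule {
    name     = "aws-common-rule-set"
    priority = 1

    # Managed rule groups use override_action instead of action.
    # none {} keeps the group's own decisions; count {} gives a log-only dry run.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "aws-common-rule-set"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-managed-rules"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_logging_configuration" "example" {
  log_destination_configs = [var.firehose_arn]
  resource_arn            = aws_wafv2_web_acl.example.arn
}
```

Starting a new managed rule group with `count {}` as the override and reviewing the logged matches before switching to `none {}` avoids blocking legitimate traffic on first deployment.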

@breathingdust
Member

As the last item for this meta-issue has been released, I will close this meta-issue. Huge thanks to @pvanbuijtene for the contributions!

@ghost

ghost commented Jul 26, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Jul 26, 2020
@breathingdust breathingdust modified the milestones: Roadmap, v2.68.0 Nov 16, 2021