terraform-aws-wafcharm

Terraform module for WafCharm IAM Role - creates IAM role and policies required for WafCharm integration

Note: This module supports WafCharm New Plan with AWS WAF v2 Advanced Rule Policy only.

The following configurations are not supported:

  • AWS WAF Classic (only available with Legacy Plan, cannot migrate to New Plan)
  • AWS WAF v2 + Legacy Rule Policy (requires multiple credentials and Lambda integration)
  • WafCharm Lite (separate product used with CSC Managed Rules)

For more details on WafCharm plans and rule policies, see:

Usage

module "wafcharm" {
  source = "github.com/topotal/terraform-aws-wafcharm"  # pin a release with ?ref=<tag> instead of tracking the default branch

  env                          = "production"
  wafcharm_trusted_account_ids = ["123456789012"]  # From WafCharm console
  wafcharm_external_ids        = ["your-external-id"]  # From WafCharm console
  waf_log_bucket_arn           = "arn:aws:s3:::aws-waf-logs-your-bucket"

  tags = {
    Environment = "production"
  }
}

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.13.0 |
| aws | ~> 6.17.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 6.17.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_policy.wafcharm_s3_read | resource |
| aws_iam_role.wafcharm | resource |
| aws_iam_role_policy_attachment.wafcharm_cloudwatch_readonly | resource |
| aws_iam_role_policy_attachment.wafcharm_s3_read | resource |
| aws_iam_role_policy_attachment.wafcharm_waf_full_access | resource |
| aws_iam_policy_document.wafcharm_assume_role | data source |
| aws_iam_policy_document.wafcharm_s3_read | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| env | Environment name (e.g., dev, staging, production) | string | n/a | yes |
| tags | Additional tags for resources | map(string) | {} | no |
| waf_log_bucket_arn | ARN of the S3 bucket for WAF logs | string | n/a | yes |
| wafcharm_external_ids | List of External IDs for WafCharm (obtained from WafCharm console) | list(string) | n/a | yes |
| wafcharm_trusted_account_ids | List of AWS Account IDs trusted by WafCharm (obtained from WafCharm console) | list(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| wafcharm_role_arn | IAM Role ARN for registering to the WafCharm console |
| wafcharm_role_name | IAM Role name for WafCharm |
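Before registering wafcharm_role_arn in the WafCharm console it is worth confirming that the applied trust policy really enforces the two inputs above: only the WafCharm-supplied account IDs may assume the role, and only while presenting one of the WafCharm-supplied external IDs. The sts:ExternalId condition is what blocks the confused-deputy case, where another WafCharm customer points the service at your role ARN; and since the role also carries a full-access WAF policy attachment (aws_iam_role_policy_attachment.wafcharm_waf_full_access), whoever can assume it can rewrite your web ACLs. The following Python script is an added example and not part of this module: the trust-policy shape it audits (AWS principals plus a StringEquals sts:ExternalId condition) is the standard cross-account pattern and is assumed, not confirmed, to be what aws_iam_policy_document.wafcharm_assume_role renders; the sample documents are constructed by hand from the README's example inputs; and the function names are the example's own.

```python
"""Audit the trust policy of a cross-account IAM role such as the WafCharm role.

Added example, not code from topotal/terraform-aws-wafcharm. Checks the
confused-deputy protections a role assumed by a third-party SaaS should carry.
"""
import json
import re
from urllib.parse import unquote

ACCOUNT_RE = re.compile(r"^\d{12}$")
IAM_ARN_RE = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}):")


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _accounts_in_principal(principal):
    """Account IDs an AWS principal block grants to; '*' means anyone may try."""
    if principal == "*" or not isinstance(principal, dict):
        return {"*"}
    accounts = set()
    for entry in _as_list(principal.get("AWS")):
        if entry == "*":
            accounts.add("*")
        elif ACCOUNT_RE.match(entry):
            accounts.add(entry)
        else:
            match = IAM_ARN_RE.match(entry)  # root, role or user ARN -> its account
            accounts.add(match.group(1) if match else entry)
    return accounts


def audit_trust_policy(doc, trusted_account_ids, external_ids):
    """Return a list of findings; an empty list means the trust policy matches the inputs."""
    findings = []
    trusted = set(trusted_account_ids)
    expected_ext = set(external_ids)
    seen_assume = False
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        actions = set(_as_list(stmt.get("Action")))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*"}:
            continue
        seen_assume = True
        where = f"Statement[{idx}]"
        principal = stmt.get("Principal", {})
        accounts = _accounts_in_principal(principal)
        if "*" in accounts:
            findings.append(f"{where}: wildcard principal; any AWS account may attempt AssumeRole")
        for acct in sorted(accounts - trusted - {"*"}):
            findings.append(f"{where}: principal account {acct} is not in wafcharm_trusted_account_ids")
        if isinstance(principal, dict):
            for kind in ("Service", "Federated"):
                if principal.get(kind):
                    findings.append(f"{where}: unexpected {kind} principal {principal[kind]}")
        ext = _as_list(stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"))
        if not ext:
            findings.append(f"{where}: no sts:ExternalId condition; confused-deputy protection is missing")
        for value in sorted(set(ext) - expected_ext):
            findings.append(f"{where}: ExternalId {value!r} is not one of the expected IDs")
        if "sts:*" in actions:
            findings.append(f"{where}: Action sts:* is broader than sts:AssumeRole")
    if not seen_assume:
        findings.append("no Allow statement for sts:AssumeRole; nothing can assume this role")
    return findings


def audit_get_role_output(json_text, trusted_account_ids, external_ids):
    """Audit the JSON printed by `aws iam get-role --role-name <name>`."""
    doc = json.loads(json_text)["Role"]["AssumeRolePolicyDocument"]
    if isinstance(doc, str):  # some SDK paths return it URL-encoded rather than parsed
        doc = json.loads(unquote(doc))
    return audit_trust_policy(doc, trusted_account_ids, external_ids)


# Constructed sample: the shape a trust policy built from the README's example
# inputs should have. The module's real document is assumed to look like this.
GOOD_DOC = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
        "Condition": {"StringEquals": {"sts:ExternalId": "your-external-id"}},
    }],
}

# Constructed sample of drift: a second account trusted by hand, ExternalId dropped.
DRIFTED_DOC = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"AWS": ["arn:aws:iam::123456789012:root",
                              "arn:aws:iam::999999999999:root"]},
    }],
}

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("drifted", DRIFTED_DOC)):
        result = audit_trust_policy(doc, ["123456789012"], ["your-external-id"])
        print(name, "->", result or "no findings")
```

To run it against the applied role, capture `aws iam get-role --role-name "$(terraform output -raw wafcharm_role_name)"` and pass that JSON text to audit_get_role_output together with the same wafcharm_trusted_account_ids and wafcharm_external_ids you gave the module; any finding means the live trust policy no longer matches those inputs and the role should not be registered until it does.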
