v1.537.4

@cloudposse-releaser cloudposse-releaser released this 19 Aug 23:20
· 7 commits to main since this release
84cba62

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#43)

what

This is an auto-generated PR that updates the README.md and docs

why

To have the most recent changes of README.md and docs from origin templates

chore(deps): update terraform cloudposse/waf/aws to v1.10.0 @[renovate[bot]](https://github.com/apps/renovate) (#42)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/waf/aws (source) | module | minor | 1.9.0 -> 1.10.0 |

Release Notes

cloudposse/terraform-aws-waf (cloudposse/waf/aws)

v1.10.0

Implement nested rules adding dynamic statement creation @davidnbr (#111)

what

  • Adds a new type of rule statement called nested_statement_rules; this will allow us to create nested blocks of rules where we want to add more complex conditionals and/or group conditions.
  • Adds dynamic integration of the different types of rules that are accepted by WAF v2 ACL in AWS
  • Adds description to the variables and blocks created

why

  • I think this would be a great feature to add; I was working for a client and ran into these limitations.
    Making this will allow us to add more complex WAF rules with AND, OR and NOT nested conditions.
    I encountered a case where I had to add a rule with:
AND_STATEMENT {
     LABEL_STATEMENT {
      ...
     }
     NOT_STATEMENT {
          BYTE_MATCH_STATEMENT {
          ...
          }
     }
     NOT_STATEMENT {
          BYTE_MATCH_STATEMENT {
          ...
          }
     }
}

Here we have more levels of nesting. With this module I did not find a solution to create a custom rule and make this type of constraint; I had to use the direct resource from Terraform AWS.

  • This will allow us to create blocks like:
 nested_statement_rules = [
  {
    name     = "complex-and-with-not-statements"
    priority = 100
    action   = "block"
    
    statement = {
      and_statement = {
        statements = [
          {
            label_match_statement = {
              scope = "LABEL"
              key   = "internal"
            }
          },
          {
            not_statement = {
              statement = {
                byte_match_statement = {
                  positional_constraint = "EXACTLY"
                  search_string        = "/authorized"
                  field_to_match = { uri_path = true }
                  text_transformation = [{ priority = 0, type = "NONE" }]
                }
              }
            }
          },
          {
            not_statement = {
              statement = {
                byte_match_statement = {
                  positional_constraint = "CONTAINS"
                  search_string        = "AuthorizedBot"
                  field_to_match = { single_header = { name = "user-agent" } }
                  text_transformation = [{ priority = 0, type = "LOWERCASE" }]
                }
              }
            }
          }
        ]
      }
    }
    
    visibility_config = {
      metric_name = "complex-and-with-not-statements"
    }
  }
]
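
A way to check what the nested rule above actually matches before deploying it, as an added example that is not part of the PR or the module: a simplified offline model of the statement logic in Python, with hypothetical helper names and a constructed request. It assumes byte matching is case-sensitive and that a text transformation rewrites only the inspected field, so the mixed-case `search_string` under `LOWERCASE` never matches and the intended user-agent exception has no effect.

```python
# Added example: simplified offline model. Assumes byte matching is case-sensitive
# and text transformations rewrite the inspected field only, never search_string.

def field_value(field, req):
    if field.get("uri_path"):
        return req["uri_path"]
    return req["headers"].get(field["single_header"]["name"].lower(), "")

def transform(value, transformations):
    for t in sorted(transformations, key=lambda t: t["priority"]):
        if t["type"] == "LOWERCASE":
            value = value.lower()
        elif t["type"] != "NONE":
            raise ValueError(f"unmodelled transformation {t['type']}")
    return value

def matches(stmt, req):
    """Evaluate one (possibly nested) statement against a request dict."""
    (kind, body), = stmt.items()  # a statement holds exactly one type
    if kind == "and_statement":
        return all(matches(s, req) for s in body["statements"])
    if kind == "or_statement":
        return any(matches(s, req) for s in body["statements"])
    if kind == "not_statement":
        return not matches(body["statement"], req)
    if kind == "label_match_statement":
        return body["key"] in req["labels"]  # simplified: plain key lookup
    if kind == "byte_match_statement":
        value = transform(field_value(body["field_to_match"], req),
                          body["text_transformation"])
        if body["positional_constraint"] == "EXACTLY":
            return value == body["search_string"]
        if body["positional_constraint"] == "CONTAINS":
            return body["search_string"] in value
    raise ValueError(f"unmodelled statement {kind}")

def not_byte(pos, needle, field, ttype):
    return {"not_statement": {"statement": {"byte_match_statement": {
        "positional_constraint": pos, "search_string": needle, "field_to_match": field,
        "text_transformation": [{"priority": 0, "type": ttype}]}}}}

def page_statement(ua_needle="AuthorizedBot"):
    """Statement from the PR example; ua_needle is its user-agent search string."""
    return {"and_statement": {"statements": [
        {"label_match_statement": {"scope": "LABEL", "key": "internal"}},
        not_byte("EXACTLY", "/authorized", {"uri_path": True}, "NONE"),
        not_byte("CONTAINS", ua_needle, {"single_header": {"name": "user-agent"}}, "LOWERCASE")]}}

# Constructed request: labelled "internal", sent by the exempted bot.
BOT = {"uri_path": "/data", "labels": {"internal"}, "headers": {"user-agent": "AuthorizedBot/2.1"}}
```
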


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

chore(deps): update tflint plugin terraform-linters/tflint-ruleset-aws to v0.42.0 @[renovate[bot]](https://github.com/apps/renovate) (#37)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| terraform-linters/tflint-ruleset-aws | plugin | minor | 0.41.0 -> 0.42.0 |

Release Notes

terraform-linters/tflint-ruleset-aws (terraform-linters/tflint-ruleset-aws)

v0.42.0

What's Changed

Breaking Changes
Chores

Full Changelog: terraform-linters/tflint-ruleset-aws@v0.41.0...v0.42.0

