Merge pull request #4 from custom-terraform-aws-modules/fix/web-acl

kfc-manager · web-flow · commit a8c5e68778e5 · 2024-03-24T17:07:17.000+01:00
Fix/web acl
diff --git a/README.md b/README.md
@@ -27,7 +27,6 @@ This module provides an API Gateway with the option to define routes which invok
 | description | Short text of what the API Gateway is trying to accomplish.                                                                                                  | `string`       | ""      |    no    |
 | domain      | Custom domain pointed to the API Gateway.                                                                                                                    | `string`       | n/a     |   yes    |
 | zone_id     | ID of the public hosted zone for the domain. (When not specified the public hosted zone of the domain will be pulled with a data resource from your account) | `string`       | ""      |    no    |
-| rate_limit  | Rate limit for traffic from the same IP address over a period of 5 minutes.                                                                                  | `number`       | 0       |    no    |
 | routes      | A list of objects for the definition of routes in the API Gateway.                                                                                           | `list(object)` | []      |    no    |
 | log_config  | An object for the definition of a CloudWatch log for the API Gateway.                                                                                        | `object`       | null    |    no    |
 | cors_config | An object for the definition of the CORS configuration for the API Gateway.                                                                                  | `object`       | null    |    no    |
diff --git a/main.tf b/main.tf
@@ -171,64 +171,3 @@ resource "aws_route53_record" "main" {
     evaluate_target_health = false
   }
 }
-
-################################
-# WAF Web ACL                  #
-################################
-
-resource "aws_wafv2_web_acl" "main" {
-  count = var.rate_limit > 0 ? 1 : 0
-  name  = "${var.identifier}-api-gw"
-  scope = "REGIONAL"
-
-  default_action {
-    allow {}
-  }
-
-  custom_response_body {
-    key          = "blocked_request_custom_response"
-    content      = "{\n    \"error\":\"Too Many Requests.\"\n}"
-    content_type = "APPLICATION_JSON"
-  }
-
-  visibility_config {
-    cloudwatch_metrics_enabled = true
-    metric_name                = "${var.identifier}-api-gw"
-    sampled_requests_enabled   = true
-  }
-
-  rule {
-    name     = "RateLimit"
-    priority = 1
-
-    action {
-      block {
-        custom_response {
-          custom_response_body_key = "blocked_request_custom_response"
-          response_code            = 429
-        }
-      }
-    }
-
-    statement {
-      rate_based_statement {
-        aggregate_key_type = "IP"
-        limit              = var.rate_limit
-      }
-    }
-
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "${var.identifier}-api-gw-RateLimit"
-      sampled_requests_enabled   = true
-    }
-  }
-
-  tags = var.tags
-}
-
-resource "aws_wafv2_web_acl_association" "main" {
-  count        = var.rate_limit > 0 ? 1 : 0
-  resource_arn = aws_apigatewayv2_stage.main.arn
-  web_acl_arn  = aws_wafv2_web_acl.main[0].arn
-}
diff --git a/tests/waf.tftest.hcl b/tests/waf.tftest.hcl
diff --git a/variables.tf b/variables.tf
@@ -24,12 +24,6 @@ variable "zone_id" {
   default     = ""
 }
 
-variable "rate_limit" {
-  description = "Rate limit for traffic from the same IP address over a period of 5 minutes."
-  type        = number
-  default     = 0
-}
-
 variable "log_config" {
   description = "An object for the definition of a CloudWatch log for the API Gateway."
   type = object({
