Update default values to reduce duplication (#7)

* Update default values to reduce duplication * update readme
umotif-public · Jun 22, 2020 · a83f45a · a83f45a
1 parent 4c07a23
commit a83f45a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -79,13 +79,14 @@ Module is to be used with Terraform > 0.12.
 
 ## Current Limitations/Issues
 
-1. All rules deployed via this module are set to blocking mode. At this stage, I was unable to find a way to pass following block as an environment variable (feel free to create a PR to resolve it):
+1. All rules deployed via this module are set to allowing mode. At this stage, I was unable to find a way to pass following block as an environment variable (feel free to create a PR to resolve it):
 ```tf
 default_action {
-    block {}
+    allow {}
 }
 ```
 This problem is tracked -> https://discuss.hashicorp.com/t/conditional-block-or-allow-variable-for-wafv2-resource-when-using-override-action-or-default-action/10162
+
 2. There is a terraform provider issue where you can't update tags once your WAFv2 is deployed. Issue reported -> https://github.com/terraform-providers/terraform-provider-aws/issues/13863
 
 ## Examples

diff --git a/main.tf b/main.tf
@@ -5,7 +5,7 @@ resource "aws_wafv2_web_acl" "main" {
   scope = "REGIONAL"
 
   default_action {
-    block {}
+    allow {}
   }
 
   dynamic "rule" {
@@ -38,9 +38,9 @@ resource "aws_wafv2_web_acl" "main" {
       dynamic "visibility_config" {
         for_each = length(lookup(rule.value, "visibility_config")) == 0 ? [] : [lookup(rule.value, "visibility_config", {})]
         content {
-          cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", false)
+          cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", true)
           metric_name                = lookup(visibility_config.value, "metric_name", "${var.name_prefix}-default-rule-metric-name")
-          sampled_requests_enabled   = lookup(visibility_config.value, "sampled_requests_enabled", false)
+          sampled_requests_enabled   = lookup(visibility_config.value, "sampled_requests_enabled", true)
         }
       }
     }
@@ -51,9 +51,9 @@ resource "aws_wafv2_web_acl" "main" {
   dynamic "visibility_config" {
     for_each = length(var.visibility_config) == 0 ? [] : [var.visibility_config]
     content {
-      cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", false)
+      cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", true)
       metric_name                = lookup(visibility_config.value, "metric_name", "${var.name_prefix}-default-web-acl-metric-name")
-      sampled_requests_enabled   = lookup(visibility_config.value, "sampled_requests_enabled", false)
+      sampled_requests_enabled   = lookup(visibility_config.value, "sampled_requests_enabled", true)
     }
   }
 }