From a83f45ad6d459da273d62cb810ec67a35e0267e7 Mon Sep 17 00:00:00 2001 From: Marcin Cuber Date: Mon, 22 Jun 2020 13:58:59 +0100 Subject: [PATCH] Update default values to reduce duplication (#7) * Update default values to reduce duplication * update readme --- README.md | 5 +++-- main.tf | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ca35c22..8f80c42 100644 --- a/README.md +++ b/README.md @@ -79,13 +79,14 @@ Module is to be used with Terraform > 0.12. ## Current Limitations/Issues -1. All rules deployed via this module are set to blocking mode. At this stage, I was unable to find a way to pass following block as an environment variable (feel free to create a PR to resolve it): +1. All rules deployed via this module are set to allowing mode. At this stage, I was unable to find a way to pass following block as an environment variable (feel free to create a PR to resolve it): ```tf default_action { - block {} + allow {} } ``` This problem is tracked -> https://discuss.hashicorp.com/t/conditional-block-or-allow-variable-for-wafv2-resource-when-using-override-action-or-default-action/10162 + 2. There is a terraform provider issue where you can't update tags once your WAFv2 is deployed. Issue reported -> https://github.com/terraform-providers/terraform-provider-aws/issues/13863 ## Examples diff --git a/main.tf b/main.tf index 511b775..c44190f 100644 --- a/main.tf +++ b/main.tf @@ -5,7 +5,7 @@ resource "aws_wafv2_web_acl" "main" { scope = "REGIONAL" default_action { - block {} + allow {} } dynamic "rule" { 
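Review bot: Flipping `default_action` from `block {}` to `allow {}` in main.tf makes the web ACL fail open: a request that matches no rule is now passed through instead of rejected. The commit title ("Update default values to reduce duplication") does not signal that posture change to consumers who upgrade. Because the action stays hard-coded, callers who relied on default-deny cannot keep it. Each nested action block can instead be wrapped in a `dynamic` block gated on an input, which would also address the limitation the README describes. The variable name in the sketch is a proposal that would need declaring in the module's variables, ideally defaulting to the previous `block` behaviour or flagged as a breaking change.

```hcl
  default_action {
    # var.default_action is a proposed input ("allow" or "block"); it is not declared in this diff
    dynamic "allow" {
      for_each = var.default_action == "allow" ? [1] : []
      content {}
    }
    dynamic "block" {
      for_each = var.default_action == "block" ? [1] : []
      content {}
    }
  }
```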
@@ -38,9 +38,9 @@ resource "aws_wafv2_web_acl" "main" {
 dynamic "visibility_config" {
 for_each = length(lookup(rule.value, "visibility_config")) == 0 ? [] : [lookup(rule.value, "visibility_config", {})]
 content {
- cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", false)
+ cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", true)
 metric_name = lookup(visibility_config.value, "metric_name", "${var.name_prefix}-default-rule-metric-name")
- sampled_requests_enabled = lookup(visibility_config.value, "sampled_requests_enabled", false)
+ sampled_requests_enabled = lookup(visibility_config.value, "sampled_requests_enabled", true)
 }
 }
 }
@@ -51,9 +51,9 @@ resource "aws_wafv2_web_acl" "main" {
 dynamic "visibility_config" {
 for_each = length(var.visibility_config) == 0 ? [] : [var.visibility_config]
 content {
- cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", false)
+ cloudwatch_metrics_enabled = lookup(visibility_config.value, "cloudwatch_metrics_enabled", true)
 metric_name = lookup(visibility_config.value, "metric_name", "${var.name_prefix}-default-web-acl-metric-name")
- sampled_requests_enabled = lookup(visibility_config.value, "sampled_requests_enabled", false)
+ sampled_requests_enabled = lookup(visibility_config.value, "sampled_requests_enabled", true)
 }
 }
 }
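Review bot: The new `true` defaults in the rule-level `visibility_config` never apply to a caller who passes an empty map, because the unchanged `for_each` above them yields `[]` when the map has length 0 and the whole block is omitted. A rule that leaves the key out entirely appears to fail earlier still, since the first `lookup(rule.value, "visibility_config")` has no fallback. If the intent is that callers can rely on the defaults, the guard could become `for_each = [lookup(rule.value, "visibility_config", {})]`, so metrics and sampling are always emitted. The web-ACL-level block in the `@@ -51,9` hunk has the same gate and could use `for_each = [var.visibility_config]`. The enclosing `rule` block starts outside this hunk, so whether callers are otherwise forced to supply the map cannot be seen here.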
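Review bot: The web-ACL-level `sampled_requests_enabled` and `cloudwatch_metrics_enabled` now default to `true` without any comment or README entry explaining what that turns on. Sampled requests, as far as I know, retain request details such as source IP, URI and headers, visible to anyone with read access to the WAF. That helps detection, but operators should be able to opt out knowingly. Suggest a comment above the `content` block such as `# Metrics and request sampling are on by default; set either key to false in var.visibility_config to disable`, and a matching line in the README's inputs section.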