Commit

Fix CloudFront WAF ACL
* Scope needs to be set to "CLOUDFRONT" (global) when associated to a CloudFront distribution
Stretch96 committed Jun 7, 2024
1 parent cc2d171 commit 9ad470b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ecs-cluster-infrastructure-waf.tf
Expand Up @@ -5,7 +5,7 @@ resource "aws_wafv2_ip_set" "infrastructure_ecs_cluster_ip_deny_list" {

name = "${local.resource_prefix}-${each.key}-ip-deny-list"
description = "IP addresses to block on ${local.resource_prefix}-${each.key}"
scope = "REGIONAL"
scope = "CLOUDFRONT"
ip_address_version = "IPV4"
addresses = each.value["ip_deny_list"]
}
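
Review bot: the new `scope = "CLOUDFRONT"` line on `aws_wafv2_ip_set.infrastructure_ecs_cluster_ip_deny_list` is not accompanied by a `provider` argument in the lines shown here. CloudFront-scoped WAFv2 resources have to be created through a provider configured for us-east-1, so unless the default provider already targets that region, or a provider alias is set above this hunk, the apply will fail. Please confirm which provider this resource resolves to and, if needed, add a `provider = aws.<alias>` line (alias name to be whatever this module already uses for us-east-1).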
Expand All @@ -17,7 +17,7 @@ resource "aws_wafv2_web_acl" "infrastructure_ecs_cluster" {

name = "${local.resource_prefix}-${each.key}"
description = "${local.resource_prefix} ${each.key}"
scope = "REGIONAL"
scope = "CLOUDFRONT"

default_action {
allow {}
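
Review bot: `scope = "CLOUDFRONT"` on `aws_wafv2_web_acl.infrastructure_ecs_cluster` is hard-coded for every `each.key`, while the commit message only says it is required "when associated to a CloudFront distribution". If any entry in the `for_each` map is ever attached to a regional resource, this ACL will no longer be usable for it. Either add a short comment above the line stating that these ACLs are CloudFront-only, or derive the scope from the per-entry configuration. Also note for the rollout that changing `scope` replaces the web ACL and the IP set rather than updating them in place, so the deny list is briefly absent while the resources are recreated; worth calling out in the PR description.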