presented AWS Shield Advanced configuration through code, removed old…

… implementation of monitoring for ddos alerting (#7756)
ministryofjustice · Sep 12, 2024 · 64ce08f · 64ce08f
1 parent 60bf584
commit 64ce08f
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 51 deletions.
diff --git a/terraform/environments/ppud/monitoring.tf b/terraform/environments/ppud/monitoring.tf
diff --git a/terraform/environments/ppud/shield.tf b/terraform/environments/ppud/shield.tf
@@ -0,0 +1,28 @@
+module "shield" {
+  source   = "../../modules/shield_advanced"
+  for_each = local.is-production ? { "build" = true } : {}
+  providers = {
+    aws.modernisation-platform = aws.modernisation-platform
+  }
+  application_name = local.application_name
+  resources = {
+    WAM-ALB = {
+      action = "count"
+      arn    = aws_lb.WAM-ALB.arn
+    }
+  }
+  waf_acl_rules = {
+    example = {
+      "action"    = "count",
+      "name"      = "DDoSprotection",
+      "priority"  = 0,
+      "threshold" = "150"
+    }
+  }
+}
+
+import {
+  for_each = local.is-production ? { "build" = true } : {}
+  id = "60a72081-57ea-4a38-b04a-778796012304/FMManagedWebACLV2-shield_advanced_auto_remediate-1649415357278/REGIONAL"
+  to = module.shield["build"].aws_wafv2_web_acl.main
+}