Merge pull request #212 from YAPP-Github/develop

lvalentine6 · web-flow · commit 05516ed3d34c · 2025-10-29T03:14:41.000+09:00
[Refactor] 비용 최적화를 위한 기존 WAF 규칙 삭제 Prod 적용
diff --git a/terraform/common/waf/main.tf b/terraform/common/waf/main.tf
@@ -183,25 +183,6 @@ resource "aws_wafv2_web_acl" "this" {
     }
   }
 
-  rule {
-    name     = "Rate-Limit-Rule"
-    priority = 20
-    action {
-      block {}
-    }
-    statement {
-      rate_based_statement {
-        limit              = var.request_threshold
-        aggregate_key_type = "IP"
-      }
-    }
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "rate-limit-rule"
-      sampled_requests_enabled   = true
-    }
-  }
-
   # AWS Managed Core Rule Set
   rule {
     name     = "AWS-Managed-Core-Rule-Set"
@@ -222,86 +203,6 @@ resource "aws_wafv2_web_acl" "this" {
     }
   }
 
-  # Scanners & Probes Protection
-  rule {
-    name     = "AWS-Managed-Known-Bad-Inputs-Rule-Set"
-    priority = 40
-    override_action {
-      none {}
-    }
-    statement {
-      managed_rule_group_statement {
-        vendor_name = "AWS"
-        name        = "AWSManagedRulesKnownBadInputsRuleSet"
-      }
-    }
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "aws-managed-bad-inputs"
-      sampled_requests_enabled   = true
-    }
-  }
-
-  # Reputation Lists Protection
-  rule {
-    name     = "AWS-Managed-Amazon-IP-Reputation-List"
-    priority = 50
-    override_action {
-      none {}
-    }
-    statement {
-      managed_rule_group_statement {
-        vendor_name = "AWS"
-        name        = "AWSManagedRulesAmazonIpReputationList"
-      }
-    }
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "aws-managed-ip-rep"
-      sampled_requests_enabled   = true
-    }
-  }
-
-  # Anonymous IP list
-  rule {
-    name     = "AWS-Managed-Anonymous-IP-List"
-    priority = 70
-    override_action {
-      none {}
-    }
-    statement {
-      managed_rule_group_statement {
-        vendor_name = "AWS"
-        name        = "AWSManagedRulesAnonymousIpList"
-      }
-    }
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "aws-managed-anonymous-ip"
-      sampled_requests_enabled   = true
-    }
-  }
-
-  # SQL database
-  rule {
-    name     = "AWS-Managed-SQLi-Rule-Set"
-    priority = 80
-    override_action {
-      none {}
-    }
-    statement {
-      managed_rule_group_statement {
-        vendor_name = "AWS"
-        name        = "AWSManagedRulesSQLiRuleSet"
-      }
-    }
-    visibility_config {
-      cloudwatch_metrics_enabled = true
-      metric_name                = "aws-managed-sql-db"
-      sampled_requests_enabled   = true
-    }
-  }
-
   visibility_config {
     cloudwatch_metrics_enabled = true
     metric_name                = "${var.project_name}-web-acl"
