feat: Support 'association_config' argument

uyggnodoow · uyggnodoow · commit 54d956c56e5e · 2025-06-03T22:22:47.000+09:00
diff --git a/main.tf b/main.tf
@@ -15,6 +15,44 @@ resource "aws_wafv2_web_acl" "this" {
     }
   }
 
+  dynamic "association_config" {
+    for_each = var.association_config == null ? [] : [var.association_config]
+    content {
+      dynamic "request_body" {
+        for_each = lookup(association_config.value, "request_body", null) == null ? [] : [lookup(association_config.value, "request_body")]
+        content {
+          dynamic "api_gateway" {
+            for_each = lookup(request_body.value, "api_gateway", null) == null ? [] : [1]
+            content {
+              default_size_inspection_limit = request_body.value.api_gateway.default_size_inspection_limit
+            }
+          }
+
+          dynamic "app_runner_service" {
+            for_each = lookup(request_body.value, "app_runner_service", null) == null ? [] : [1]
+            content {
+              default_size_inspection_limit = request_body.value.app_runner_service.default_size_inspection_limit
+            }
+          }
+
+          dynamic "cognito_user_pool" {
+            for_each = lookup(request_body.value, "cognito_user_pool", null) == null ? [] : [1]
+            content {
+              default_size_inspection_limit = request_body.value.cognito_user_pool.default_size_inspection_limit
+            }
+          }
+
+          dynamic "verified_access_instance" {
+            for_each = lookup(request_body.value, "verified_access_instance", null) == null ? [] : [1]
+            content {
+              default_size_inspection_limit = request_body.value.verified_access_instance.default_size_inspection_limit
+            }
+          }
+        }
+      }
+    }
+  }
+
   dynamic "rule" {
     for_each = var.rule
     content {
diff --git a/variables.tf b/variables.tf
@@ -19,6 +19,12 @@ variable "default_action" {
   type        = string
 }
 
+variable "association_config" {
+  description = "(Optional) Customizes the request body that your protected resource forward to AWS WAF for inspection."
+  type        = map(any)
+  default     = null
+}
+
 variable "visibility_config" {
   description = "(Required) Defines and enables Amazon CloudWatch metrics and web request sample collection."
   type        = map(string)
