Description
The model is as follows: a WebACL contains Rules or RuleGroups, and RuleGroups contain Rules which point to IPSets that are edited by CrowdSec.
The difficulty we are facing is that the WAF is created and managed by Terraform (IaC is encouraged, right?), and when CrowdSec introduces a RuleGroup with the Rules and IPSets, it behaves as expected. But when we re-apply the Terraform, the created RuleGroup is removed since it has no identifier known to Terraform. We have tried to add the RuleGroup created by CrowdSec to Terraform with a lifecycle ignore_changes setting so that it doesn't modify the Rules and IPSets created and modified by the bouncer, but this strategy doesn't work since cs-aws-waf-bouncer destroys and recreates the RuleGroup and thus new ARNs/identifiers are used.
Would it be possible to have an option to use an existing RuleGroup instead of creating/destroying it when the bouncer starts and stops?
An additional argument in favor of this is that while the pod is restarting (this can take a long time), the protected application is unprotected since the RuleGroup has been removed.
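The following is an added example written for this page, not code from cs-aws-waf-bouncer or from the issue author's setup. It walks the WebACL -> RuleGroup -> IPSet model described above and implements the check a practitioner would want for the restart window: is the CrowdSec RuleGroup still referenced by the WebACL, and which IPSets does it point at? Because the RuleGroup's ARN changes on every recreation, the check matches on the name segment of the ARN rather than the full ARN. It assumes the dictionary shapes returned by boto3's wafv2 get_web_acl()["WebACL"] and get_rule_group()["RuleGroup"]; the account id, region, rule group name and IP set names in the sample data are constructed, not the bouncer's real ones.

```python
"""Check whether a WAFv2 WebACL still carries a given rule group.

Walks the Rules of a WebACL (shape of boto3 wafv2.get_web_acl()["WebACL"])
and of a rule group (shape of wafv2.get_rule_group()["RuleGroup"]), following
nested And/Or/Not/scope-down statements, and reports which rule-group and
IP-set ARNs are referenced.  Matching is done on the name segment of the ARN
because the trailing id changes every time the rule group is recreated.
"""
from typing import Dict, Iterator, List, Set

# Hypothetical account/region, constructed for this example.
ACCOUNT = "123456789012"
REGION = "eu-west-1"


def _walk_statements(statement: Dict) -> Iterator[Dict]:
    """Yield a statement and every statement nested inside it."""
    yield statement
    for combinator in ("AndStatement", "OrStatement"):
        for nested in statement.get(combinator, {}).get("Statements", []):
            yield from _walk_statements(nested)
    if "NotStatement" in statement:
        yield from _walk_statements(statement["NotStatement"]["Statement"])
    rate = statement.get("RateBasedStatement", {})
    if "ScopeDownStatement" in rate:
        yield from _walk_statements(rate["ScopeDownStatement"])


def referenced_arns(rules: List[Dict], reference_key: str) -> Set[str]:
    """Collect ARNs referenced via reference_key anywhere in rules.

    reference_key is "RuleGroupReferenceStatement" (WebACL -> rule group)
    or "IPSetReferenceStatement" (rule group -> IP set).
    """
    found = set()
    for rule in rules:
        for stmt in _walk_statements(rule["Statement"]):
            if reference_key in stmt:
                found.add(stmt[reference_key]["ARN"])
    return found


def arn_name(arn: str) -> str:
    """Return the NAME segment of arn:aws:wafv2:REGION:ACCOUNT:SCOPE/TYPE/NAME/ID."""
    return arn.rsplit(":", 1)[1].split("/")[2]


def web_acl_references_rule_group(web_acl: Dict, rule_group_name: str) -> bool:
    """True if any rule in the WebACL references a rule group with this name."""
    arns = referenced_arns(web_acl["Rules"], "RuleGroupReferenceStatement")
    return any(arn_name(a) == rule_group_name for a in arns)


def rule_group_ipset_names(rule_group: Dict) -> Set[str]:
    """Names of every IP set the rule group's rules point at."""
    arns = referenced_arns(rule_group["Rules"], "IPSetReferenceStatement")
    return {arn_name(a) for a in arns}


def protection_report(web_acl: Dict, rule_group: Dict) -> Dict[str, object]:
    return {
        "rule_group_attached": web_acl_references_rule_group(web_acl, rule_group["Name"]),
        "ipsets": sorted(rule_group_ipset_names(rule_group)),
    }


def _arn(kind: str, name: str, uid: str) -> str:
    return f"arn:aws:wafv2:{REGION}:{ACCOUNT}:regional/{kind}/{name}/{uid}"


RULE_GROUP_ARN = _arn("rulegroup", "crowdsec-rule-group", "1111-aaaa")

# Constructed sample: WebACL with the CrowdSec rule group attached next to a
# Terraform-managed AWS managed rule.
WEB_ACL_PROTECTED = {
    "Name": "app-web-acl",
    "Rules": [
        {"Name": "crowdsec", "Priority": 0, "OverrideAction": {"None": {}},
         "Statement": {"RuleGroupReferenceStatement": {"ARN": RULE_GROUP_ARN}}},
        {"Name": "aws-common", "Priority": 1, "OverrideAction": {"None": {}},
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}}},
    ],
}
# Same WebACL while the bouncer pod restarts: the rule group and its rule are gone.
WEB_ACL_UNPROTECTED = {"Name": "app-web-acl", "Rules": [WEB_ACL_PROTECTED["Rules"][1]]}

# Constructed sample rule group: block banned IPs unless allowlisted, captcha suspects.
RULE_GROUP = {
    "Name": "crowdsec-rule-group", "ARN": RULE_GROUP_ARN,
    "Rules": [
        {"Name": "block-banned", "Priority": 0, "Action": {"Block": {}},
         "Statement": {"AndStatement": {"Statements": [
             {"IPSetReferenceStatement": {"ARN": _arn("ipset", "crowdsec-ipv4-ban", "2222-bbbb")}},
             {"NotStatement": {"Statement": {"IPSetReferenceStatement": {
                 "ARN": _arn("ipset", "crowdsec-allowlist", "3333-cccc")}}}}]}}},
        {"Name": "captcha-suspect", "Priority": 1, "Action": {"Captcha": {}},
         "Statement": {"IPSetReferenceStatement": {
             "ARN": _arn("ipset", "crowdsec-ipv4-captcha", "4444-dddd")}}},
    ],
}

if __name__ == "__main__":
    for label, acl in (("before restart", WEB_ACL_PROTECTED), ("during restart", WEB_ACL_UNPROTECTED)):
        print(label, protection_report(acl, RULE_GROUP))
```

To run this against a live account, pass boto3.client("wafv2").get_web_acl(Name=..., Scope=..., Id=...)["WebACL"] and get_rule_group(Name=..., Scope=..., Id=...)["RuleGroup"] in place of the constructed dictionaries; a "rule_group_attached": False result during a pod restart is exactly the unprotected window described above, and polling it is a cheap alert until the bouncer can reuse an existing RuleGroup.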