feat: Add web acl association (#291)

Co-authored-by: Anton Babenko <[email protected]>

Author: rickychew77

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.80.0
+    rev: v1.81.0
     hooks:
       - id: terraform_fmt
       - id: terraform_wrapper_module_for_each

README.md

@@ -322,6 +322,7 @@ No modules.
 | [aws_lb_target_group_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |
 | [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_wafv2_web_acl_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl_association) | resource |
 
 ## Inputs
 
@@ -372,6 +373,7 @@ No modules.
 | <a name="input_target_group_tags"></a> [target\_group\_tags](#input\_target\_group\_tags) | A map of tags to add to all target groups | `map(string)` | `{}` | no |
 | <a name="input_target_groups"></a> [target\_groups](#input\_target\_groups) | A list of maps containing key/value pairs that define the target groups to be created. Order of these maps is important and the index of these are to be referenced in listener definitions. Required key/values: name, backend\_protocol, backend\_port | `any` | `[]` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC id where the load balancer and other resources will be deployed. | `string` | `null` | no |
+| <a name="input_web_acl_arn"></a> [web\_acl\_arn](#input\_web\_acl\_arn) | WAF ARN to associate this LB with. | `string` | `null` | no |
 | <a name="input_xff_header_processing_mode"></a> [xff\_header\_processing\_mode](#input\_xff\_header\_processing\_mode) | Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. | `string` | `"append"` | no |
 
 ## Outputs

main.tf

@@ -841,3 +841,9 @@ resource "aws_security_group_rule" "this" {
   self                     = lookup(each.value, "self", null)
   source_security_group_id = lookup(each.value, "source_security_group_id", null)
 }
+
+resource "aws_wafv2_web_acl_association" "this" {
+  count        = var.web_acl_arn != null ? 1 : 0
+  resource_arn = aws_lb.this[0].arn
+  web_acl_arn  = var.web_acl_arn
+}

variables.tf

@@ -277,3 +277,9 @@ variable "security_group_tags" {
   type        = map(string)
   default     = {}
 }
+
+variable "web_acl_arn" {
+  description = "WAF ARN to associate this LB with."
+  type        = string
+  default     = null
+}

wrappers/main.tf

@@ -49,4 +49,5 @@ module "wrapper" {
   security_group_description                  = try(each.value.security_group_description, var.defaults.security_group_description, null)
   security_group_rules                        = try(each.value.security_group_rules, var.defaults.security_group_rules, {})
   security_group_tags                         = try(each.value.security_group_tags, var.defaults.security_group_tags, {})
+  web_acl_arn                                 = try(each.value.web_acl_arn, var.defaults.web_acl_arn, null)
 }