Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/prasanna7401/frontdoor_premium-waf_policy

Contains Terraform and Bicep script to manage Azure FrontDoor (Standard/Premium) associated Web Application Firewall Policy Rules using Azure DevOps
https://github.com/prasanna7401/frontdoor_premium-waf_policy

azure azure-devops firewall-rules terraform web-application-firewall

Last synced: 5 days ago
JSON representation

Contains Terraform and Bicep script to manage Azure FrontDoor (Standard/Premium) associated Web Application Firewall Policy Rules using Azure DevOps

Host: GitHub
URL: https://github.com/prasanna7401/frontdoor_premium-waf_policy
Owner: prasanna7401
Created: 2024-12-31T12:59:27.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2025-01-16T21:57:01.000Z (19 days ago)
Last Synced: 2025-01-30T12:17:13.203Z (5 days ago)
Topics: azure, azure-devops, firewall-rules, terraform, web-application-firewall
Language: HCL
Homepage:
Size: 33.2 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # Azure FrontDoor Premium - Web Application Firewall Policy management

## Recommended WAF Custom Rule structure for easy management

1. AllowedIPs

2. AllowedCountries

3. CombinationRules

4. BlockedIPs

5. BlockedCountries

6. Others

## Manage rules (Sample)

1. [Dev-Policy](./waf_rules/test_rules.tfvars)

2. [Prod-Policy](./waf_rules/prod_rules.tfvars)

## How to?

1. Update rules:

    - to be filled later

2. How to add/manage a new WAF policy?

    Step-1: Add a the following in each code, by copy-pasting the other waf content in accordance with your new WAF policy name.

    - a new module in `main.tf`

    - a variable definition in `variables.tf`

    - a variable declaration in `terraform.tfvars`

    - a rule set in `rules/`, by importing the new device configuration to be managed by terraform. See below for importing procedures,

    

    Step-2: Import a new already-existing WAF policy configurations to statefile:

    ```sh

    terraform import -var-file="" -var-file="" ... module..azurerm_cdn_frontdoor_firewall_policy.waf_policy 

    ```

    > Example: `terraform import -var-file="rules/prod_rules.tfvars" -var-file="rules/test_rules.tfvars" module.testpolicy01.azurerm_cdn_frontdoor_firewall_policy.waf_policy /subscriptions/12345/resourceGroups/rg-pva-test/providers/Microsoft.Network/frontDoorWebApplicationFirewallPolicies/testwafpolicy01`

    

    > Note: This import step needs to be run only once, when you want to import the configurations of an existing resource to get managed by terraform for the first time. Provide the backend storage container details as required.

    Step-3: Add/update the `-var-file=rules/.tfvars` to every `plan` and `apply` steps in the pipeline.

## Special note

- If you would like to use this code to manage existing FD WAF, you should run `terraform import` to update your statefile, and have only required attributes.

-  While running `terraform import`, you may face errors like, `Error: ID was missing the 'frontDoorWebApplicationFirewallPolicies' element`. In this case, you should change the sentence casing in the resourceID from `frontdoorwebapplicationfirewallpolicies` to `frontDoorWebApplicationFirewallPolicies`.

- Before running `terraform destroy`, do not forget to remove the state configurations of the resources you have imported, to avoid unnecessary deletion. Use, `terraform state rm `.

- As a best practice, always `lifecycle {}` block in your code, to avoid accidental resource deletion/modification.