Merge pull request #3490 from ministryofjustice/dp-1576-waf

Added WAF

terraform/environments/data-platform/waf.tf

@@ -0,0 +1,66 @@
+resource "aws_wafv2_web_acl" "waf" {
+  name  = local.environment
+  scope = "REGIONAL"
+
+  default_action {
+    allow {}
+  }
+
+  rule {
+    name     = "AWS-AWSManagedRulesCommonRuleSet"
+    priority = 1
+
+    override_action {
+      count {}
+    }
+
+    statement {
+      managed_rule_group_statement {
+        name        = "AWSManagedRulesCommonRuleSet"
+        vendor_name = "AWS"
+      }
+    }
+
+    visibility_config {
+      cloudwatch_metrics_enabled = true
+      metric_name                = "AWSManagedRulesCommonRuleSet"
+      sampled_requests_enabled   = false
+    }
+  }
+
+  rule {
+    name     = "AWS-AWSManagedRulesAmazonIpReputationList"
+    priority = 2
+
+    override_action {
+      count {}
+    }
+
+    statement {
+      managed_rule_group_statement {
+        name        = "AWSManagedRulesAmazonIpReputationList"
+        vendor_name = "AWS"
+      }
+    }
+
+    visibility_config {
+      cloudwatch_metrics_enabled = true
+      metric_name                = "AWSManagedRulesAmazonIpReputationList"
+      sampled_requests_enabled   = false
+    }
+  }
+
+
+  visibility_config {
+    cloudwatch_metrics_enabled = true
+    metric_name                = "waf"
+    sampled_requests_enabled   = false
+  }
+
+  tags = local.tags
+}
+
+resource "aws_wafv2_web_acl_association" "association" {
+  resource_arn = aws_api_gateway_stage.default_stage.arn
+  web_acl_arn  = aws_wafv2_web_acl.waf.arn
+}