diff --git a/google_fastly_waf/README.md b/google_fastly_waf/README.md
index acc93266..9b456602 100644
--- a/google_fastly_waf/README.md
+++ b/google_fastly_waf/README.md
@@ -148,7 +148,7 @@ module "fastly_stage" {
 | [cache\_settings](#input\_cache\_settings) | List of cache settings for the Fastly service. |
list(object({
name = string
action = optional(string)
cache_condition = optional(string)
stale_ttl = optional(number)
ttl = optional(number)
}))
| `[]` | no | | [conditions](#input\_conditions) | List of Fastly conditions to create (REQUEST, RESPONSE or CACHE). |
list(object({
name = string # required, unique
statement = string # VCL conditional expression
type = string # one of: REQUEST, RESPONSE, CACHE
priority = optional(number) # lower runs first, default 10
}))
| `[]` | no | | [ddos\_protection](#input\_ddos\_protection) | Optional DDoS Protection configuration for the Fastly service product enablement. |
object({
enabled = bool
mode = string
})
| `null` | no | -| [ddos\_protection\_alert](#input\_ddos\_protection\_alert) | Optional Slack alerting for Fastly DDoS Protection. When set, the module creates a Slack `fastly_integration` and a `fastly_alert` on the `ddos_protection_requests_detect_count` stats metric that notifies the channel behind the webhook. Intended to be paired with `ddos_protection` being enabled. Set to `null` (the default) to create no alerting resources. |
object({
enabled = optional(bool, true)
slack_webhook_secret = string
threshold = optional(number, 1)
period = optional(string, "5m")
})
| `null` | no | +| [ddos\_protection\_alert](#input\_ddos\_protection\_alert) | Optional Slack alerting for Fastly DDoS Protection. When set, the module creates a Slack `fastly_integration` and a `fastly_alert` on the `ddos_protection_requests_detect_count` stats metric that notifies the channel behind the webhook. Intended to be paired with `ddos_protection` being enabled. Set to `null` (the default) to create no alerting resources. |
object({
enabled = optional(bool, true)
slack_webhook_secret = string
threshold = optional(number, 1)
period = optional(string, "5m")
description = optional(string)
})
| `null` | no | | [domains](#input\_domains) | A list of domains | `list(any)` | `[]` | no | | [https\_redirect\_enabled](#input\_https\_redirect\_enabled) | n/a | `bool` | `true` | no | | [legacy\_edge\_deployment](#input\_legacy\_edge\_deployment) | If true (default), deploy NGWAF via the legacy sigsci EdgeDeployment APIs and Fastly dynamic snippets. If false, deploy via Fastly's product\_enablement ngwaf block. Default preserves behavior for services still on the legacy method. | `bool` | `true` | no |
diff --git a/google_fastly_waf/alerts.tf b/google_fastly_waf/alerts.tf
index 52e0a726..19ccabba 100644
--- a/google_fastly_waf/alerts.tf
+++ b/google_fastly_waf/alerts.tf
@@ -25,7 +25,12 @@ resource "fastly_integration" "ddos_protection_slack" {
 resource "fastly_alert" "ddos_protection" {
 count = local.ddos_protection_alert_enabled ? 1 : 0
- name = "${var.application}-${var.realm}-${var.environment} DDoS Protection events"
+ name = "${var.application}-${var.realm}-${var.environment} DDoS Protection events"
+ description = (
+ var.ddos_protection_alert.description != null
+ ? var.ddos_protection_alert.description
+ : "A DDoS event has happened for ${var.application} ${var.environment}"
+ )
 service_id = fastly_service_vcl.default.id
 source = "stats"
 metric = "ddos_protection_requests_detect_count"
diff --git a/google_fastly_waf/variables.tf b/google_fastly_waf/variables.tf
index 43290cf6..8ddba1bb 100644
--- a/google_fastly_waf/variables.tf
+++ b/google_fastly_waf/variables.tf
@@ -157,6 +157,7 @@ variable "ddos_protection_alert" {
 slack_webhook_secret = string # Slack incoming-webhook URL (sensitive)
 threshold = optional(number, 1) # ddos_protection_requests_detect_count that fires the alert
 period = optional(string, "5m") # evaluation window: 2m, 3m, 5m, 15m, or 30m
+ description = optional(string) # alert description; defaults to a generic per-service message
 })
 default = null
 validation {
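Review bot: In alerts.tf, the fallback description `"A DDoS event has happened for ${var.application} ${var.environment}"` leaves out `var.realm`, although the alert `name` just above identifies the service by application, realm and environment; a responder reading the description alone cannot tell which realm fired if the same application and environment exist in more than one. The ternary also passes an empty string through unchanged, so `description = ""` produces an alert with no description, whereas `coalesce(var.ddos_protection_alert.description, "DDoS Protection detected requests for ${var.application}-${var.realm}-${var.environment}")` covers both null and `""` in one call. Because the alert fires on `ddos_protection_requests_detect_count` with a default threshold of 1, wording the default as detected requests rather than "a DDoS event has happened" would be closer to what the metric shows and helps triage. The `fastly_alert` resource body continues past the end of the hunk.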