diff --git a/google_fastly_waf/README.md b/google_fastly_waf/README.md
index acc93266..9b456602 100644
--- a/google_fastly_waf/README.md
+++ b/google_fastly_waf/README.md
@@ -148,7 +148,7 @@ module "fastly_stage" {
 | [cache\_settings](#input\_cache\_settings) | List of cache settings for the Fastly service. |
list(object({
name = string
action = optional(string)
cache_condition = optional(string)
stale_ttl = optional(number)
ttl = optional(number)
})) | `[]` | no |
| [conditions](#input\_conditions) | List of Fastly conditions to create (REQUEST, RESPONSE or CACHE). | list(object({
name = string # required, unique
statement = string # VCL conditional expression
type = string # one of: REQUEST, RESPONSE, CACHE
priority = optional(number) # lower runs first, default 10
})) | `[]` | no |
| [ddos\_protection](#input\_ddos\_protection) | Optional DDoS Protection configuration for the Fastly service product enablement. | object({
enabled = bool
mode = string
}) | `null` | no |
-| [ddos\_protection\_alert](#input\_ddos\_protection\_alert) | Optional Slack alerting for Fastly DDoS Protection. When set, the module creates a Slack `fastly_integration` and a `fastly_alert` on the `ddos_protection_requests_detect_count` stats metric that notifies the channel behind the webhook. Intended to be paired with `ddos_protection` being enabled. Set to `null` (the default) to create no alerting resources. | object({
enabled = optional(bool, true)
slack_webhook_secret = string
threshold = optional(number, 1)
period = optional(string, "5m")
}) | `null` | no |
+| [ddos\_protection\_alert](#input\_ddos\_protection\_alert) | Optional Slack alerting for Fastly DDoS Protection. When set, the module creates a Slack `fastly_integration` and a `fastly_alert` on the `ddos_protection_requests_detect_count` stats metric that notifies the channel behind the webhook. Intended to be paired with `ddos_protection` being enabled. Set to `null` (the default) to create no alerting resources. | object({
enabled = optional(bool, true)
slack_webhook_secret = string
threshold = optional(number, 1)
period = optional(string, "5m")
description = optional(string)
}) | `null` | no |
| [domains](#input\_domains) | A list of domains | `list(any)` | `[]` | no |
| [https\_redirect\_enabled](#input\_https\_redirect\_enabled) | n/a | `bool` | `true` | no |
| [legacy\_edge\_deployment](#input\_legacy\_edge\_deployment) | If true (default), deploy NGWAF via the legacy sigsci EdgeDeployment APIs and Fastly dynamic snippets. If false, deploy via Fastly's product\_enablement ngwaf block. Default preserves behavior for services still on the legacy method. | `bool` | `true` | no |
diff --git a/google_fastly_waf/alerts.tf b/google_fastly_waf/alerts.tf
index 52e0a726..19ccabba 100644
--- a/google_fastly_waf/alerts.tf
+++ b/google_fastly_waf/alerts.tf
@@ -25,7 +25,12 @@ resource "fastly_integration" "ddos_protection_slack" {
resource "fastly_alert" "ddos_protection" {
count = local.ddos_protection_alert_enabled ? 1 : 0
- name = "${var.application}-${var.realm}-${var.environment} DDoS Protection events"
+ name = "${var.application}-${var.realm}-${var.environment} DDoS Protection events"
+ description = (
+ var.ddos_protection_alert.description != null
+ ? var.ddos_protection_alert.description
+ : "A DDoS event has happened for ${var.application} ${var.environment}"
+ )
service_id = fastly_service_vcl.default.id
source = "stats"
metric = "ddos_protection_requests_detect_count"
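Review bot: The fallback text in the new `description` argument omits `var.realm`, although the alert `name` just above it identifies the service by application, realm and environment. If the description is carried into the Slack notification, a responder handling a multi-realm deployment may not be able to tell from it which service is affected. The `!= null` test also lets an explicitly empty string through, which would publish a blank description. Both can be covered in one line with `description = coalesce(var.ddos_protection_alert.description, "A DDoS event has happened for ${var.application} ${var.realm} ${var.environment}")`, since `coalesce` skips null and empty strings. The `fastly_alert` resource body continues past the end of the hunk.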
diff --git a/google_fastly_waf/variables.tf b/google_fastly_waf/variables.tf
index 43290cf6..8ddba1bb 100644
--- a/google_fastly_waf/variables.tf
+++ b/google_fastly_waf/variables.tf
@@ -157,6 +157,7 @@ variable "ddos_protection_alert" {
slack_webhook_secret = string # Slack incoming-webhook URL (sensitive)
threshold = optional(number, 1) # ddos_protection_requests_detect_count that fires the alert
period = optional(string, "5m") # evaluation window: 2m, 3m, 5m, 15m, or 30m
+ description = optional(string) # alert description; defaults to a generic per-service message
})
default = null
validation {