Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion google_fastly_waf/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ module "fastly_stage" {
| <a name="input_cache_settings"></a> [cache\_settings](#input\_cache\_settings) | List of cache settings for the Fastly service. | <pre>list(object({<br/> name = string<br/> action = optional(string)<br/> cache_condition = optional(string)<br/> stale_ttl = optional(number)<br/> ttl = optional(number)<br/> }))</pre> | `[]` | no |
| <a name="input_conditions"></a> [conditions](#input\_conditions) | List of Fastly conditions to create (REQUEST, RESPONSE or CACHE). | <pre>list(object({<br/> name = string # required, unique<br/> statement = string # VCL conditional expression<br/> type = string # one of: REQUEST, RESPONSE, CACHE<br/> priority = optional(number) # lower runs first, default 10<br/> }))</pre> | `[]` | no |
| <a name="input_ddos_protection"></a> [ddos\_protection](#input\_ddos\_protection) | Optional DDoS Protection configuration for the Fastly service product enablement. | <pre>object({<br/> enabled = bool<br/> mode = string<br/> })</pre> | `null` | no |
| <a name="input_ddos_protection_alert"></a> [ddos\_protection\_alert](#input\_ddos\_protection\_alert) | Optional Slack alerting for Fastly DDoS Protection. When set, the module creates a Slack `fastly_integration` and a `fastly_alert` on the `ddos_protection_requests_detect_count` stats metric that notifies the channel behind the webhook. Intended to be paired with `ddos_protection` being enabled. Set to `null` (the default) to create no alerting resources. | <pre>object({<br/> enabled = optional(bool, true)<br/> slack_webhook_secret = string<br/> threshold = optional(number, 1)<br/> period = optional(string, "5m")<br/> })</pre> | `null` | no |
| <a name="input_ddos_protection_alert"></a> [ddos\_protection\_alert](#input\_ddos\_protection\_alert) | Optional Slack alerting for Fastly DDoS Protection. When set, the module creates a Slack `fastly_integration` and a `fastly_alert` on the `ddos_protection_requests_detect_count` stats metric that notifies the channel behind the webhook. Intended to be paired with `ddos_protection` being enabled. Set to `null` (the default) to create no alerting resources. | <pre>object({<br/> enabled = optional(bool, true)<br/> slack_webhook_secret = string<br/> threshold = optional(number, 1)<br/> period = optional(string, "5m")<br/> description = optional(string)<br/> })</pre> | `null` | no |
| <a name="input_domains"></a> [domains](#input\_domains) | A list of domains | `list(any)` | `[]` | no |
| <a name="input_https_redirect_enabled"></a> [https\_redirect\_enabled](#input\_https\_redirect\_enabled) | n/a | `bool` | `true` | no |
| <a name="input_legacy_edge_deployment"></a> [legacy\_edge\_deployment](#input\_legacy\_edge\_deployment) | If true (default), deploy NGWAF via the legacy sigsci EdgeDeployment APIs and Fastly dynamic snippets. If false, deploy via Fastly's product\_enablement ngwaf block. Default preserves behavior for services still on the legacy method. | `bool` | `true` | no |
Expand Down
7 changes: 6 additions & 1 deletion google_fastly_waf/alerts.tf
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,12 @@ resource "fastly_integration" "ddos_protection_slack" {
resource "fastly_alert" "ddos_protection" {
count = local.ddos_protection_alert_enabled ? 1 : 0

name = "${var.application}-${var.realm}-${var.environment} DDoS Protection events"
name = "${var.application}-${var.realm}-${var.environment} DDoS Protection events"
description = (
var.ddos_protection_alert.description != null
? var.ddos_protection_alert.description
: "A DDoS event has happened for ${var.application} ${var.environment}"
)
service_id = fastly_service_vcl.default.id
source = "stats"
metric = "ddos_protection_requests_detect_count"
Expand Down
1 change: 1 addition & 0 deletions google_fastly_waf/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@ variable "ddos_protection_alert" {
slack_webhook_secret = string # Slack incoming-webhook URL (sensitive)
threshold = optional(number, 1) # ddos_protection_requests_detect_count that fires the alert
period = optional(string, "5m") # evaluation window: 2m, 3m, 5m, 15m, or 30m
description = optional(string) # alert description; defaults to a generic per-service message
})
default = null
validation {
Expand Down
Loading