DP-1002 Exclude WAF from the Orchestrator account

cabinetoffice · Dec 12, 2024 · d1968e0 · d1968e0
1 parent 81c083c
commit d1968e0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/terragrunt/modules/core-networking/variables.tf b/terragrunt/modules/core-networking/variables.tf
@@ -1,3 +1,8 @@
+variable "environment" {
+  description = "The environment we are provisioning"
+  type        = string
+}
+
 variable "is_production" {
   description = "Indicates whether the target account is configured with production-level settings"
   type        = bool

diff --git a/terragrunt/modules/core-networking/waf.tf b/terragrunt/modules/core-networking/waf.tf
@@ -1,4 +1,6 @@
 resource "aws_wafv2_web_acl" "this" {
+  count = var.environment != "orchestrator" ? 1 : 0
+
   name        = "${local.name_prefix}-acl"
   description = "${local.name_prefix} Web ACL"
   scope       = "REGIONAL" # "CLOUDFRONT" N.Virginia