From d1968e0277c2b57bb8a47467fbb47a5b662b9471 Mon Sep 17 00:00:00 2001
From: Ali Bahman
Date: Thu, 12 Dec 2024 16:12:08 +0000
Subject: [PATCH] DP-1002 Exclude WAF from the Orchestrator account
---
 terragrunt/modules/core-networking/variables.tf | 5 +++++
 terragrunt/modules/core-networking/waf.tf | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/terragrunt/modules/core-networking/variables.tf b/terragrunt/modules/core-networking/variables.tf
index 14677fb4e..508535fbd 100644
--- a/terragrunt/modules/core-networking/variables.tf
+++ b/terragrunt/modules/core-networking/variables.tf
@@ -1,3 +1,8 @@
+variable "environment" {
+ description = "The environment we are provisioning"
+ type = string
+}
+
 variable "is_production" {
 description = "Indicates whether the target account is configured with production-level settings"
 type = bool
diff --git a/terragrunt/modules/core-networking/waf.tf b/terragrunt/modules/core-networking/waf.tf
index 7119a905b..34a05ea23 100644
--- a/terragrunt/modules/core-networking/waf.tf
+++ b/terragrunt/modules/core-networking/waf.tf
@@ -1,4 +1,6 @@
 resource "aws_wafv2_web_acl" "this" {
+ count = var.environment != "orchestrator" ? 1 : 0
+
 name = "${local.name_prefix}-acl"
 description = "${local.name_prefix} Web ACL"
 scope = "REGIONAL" # "CLOUDFRONT" N.Virginia
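Review bot: In the variables.tf hunk, the new `environment` variable decides whether the web ACL is created, but its description does not say so and any string is accepted. I would state the effect in the description, for example `description = "Deployment environment name; the value \"orchestrator\" skips the WAF web ACL"`, and consider a `validation` block restricting it to the known environment names so an unexpected value is rejected at plan time. The variable has no default, so every caller of core-networking must now pass it; those inputs are not visible in this patch.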
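Review bot: In the waf.tf hunk, adding `count` makes `aws_wafv2_web_acl.this` a list, so anything that reads it (associations, logging configuration, outputs) must switch to `aws_wafv2_web_acl.this[0]` and carry the same condition, or the plan will break in the orchestrator account. The patch adds only these two lines to waf.tf and the resource body continues outside the hunk, so I cannot tell whether such references exist. Disabling a security control by comparing against a string literal also hides the intent. A comment above the `count` line such as `# Orchestrator account has no WAF: <reason>`, or a dedicated boolean input (for example `waf_enabled`, default `true`), would make the exemption explicit and easier to audit.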