Skip to content

mgroff2/aws-waf-challenge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
img
img
 
 
us-east-1
us-east-1
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

WAF Challenge Action Demo

Overview

This Terraform project demonstrates how to use the AWS WAF "Challenge" action without the integration SDK (Interstitial Interaction). The setup includes an ALB, CloudFront distribution, AutoScaling group, and VPC to simulate a basic web application protected by AWS WAF.

Architecture

The architecture of this demo project is designed to showcase how AWS WAF's "Challenge" action can be implemented without using the integration SDK. The setup involves multiple AWS services working together to simulate a basic web application environment. Below is a breakdown of the architecture components:

1. VPC (Virtual Private Cloud):

  • Custom VPC: A Virtual Private Cloud is created to host all the networking components required for the web application.
  • Subnets: The VPC is divided into public and private subnets across three Availability Zones (AZs).
    • Public Subnets: These subnets host the Application Load Balancer (ALB) and provide external access to the web application.
    • Private Subnets: These subnets host the AutoScaling group of EC2 instances, which run the web server.

2. ALB (Application Load Balancer):

  • Load Balancer: The ALB distributes incoming HTTP traffic across the EC2 instances in the private subnets.
  • Security: The ALB is configured to only accept traffic from the CloudFront distribution using a security group that allows inbound traffic only from CloudFront's managed prefix list. Additionally, the ALB validates the presence of a custom header (X-WAF-Header) added by CloudFront. If the header is missing, the ALB returns an "Access Denied" response.

3. CloudFront Distribution:

  • Content Delivery Network (CDN): CloudFront is used as a CDN to serve content globally with low latency.
  • Custom Origin: The ALB is set as the custom origin for CloudFront, ensuring that all requests to the application go through CloudFront.
  • Custom Headers: CloudFront adds a custom header (X-WAF-Header) to each request before forwarding it to the ALB. This header is validated by the ALB to ensure that traffic is coming from the trusted CloudFront distribution.

4. AutoScaling Group (ASG):

  • EC2 Instances: The ASG manages a group of EC2 instances running a simple web server. For this demo environment, the minimum, maximum, and desired capacities are all set to 1, ensuring that only one instance is running at any time.
  • Health Checks: The ASG is configured with health checks to ensure that only healthy instances receive traffic.

5. WAF (Web Application Firewall):

  • Challenge Rule: AWS WAF is configured with a challenge rule that silently verifies if the client is a legitimate browser, without involving the end user. This challenge is run in the background and is useful for filtering out bots while providing a seamless experience for users.
  • Integration with CloudFront: The WAF is associated with the CloudFront distribution, allowing it to filter and challenge traffic before it reaches the ALB.

6. Route 53:

  • DNS Management: Amazon Route 53 is used for DNS management. A subdomain (waf.example.com) is created to route traffic to the CloudFront distribution.

This architecture demonstrates a secure and scalable web application environment with AWS services, emphasizing the use of AWS WAF's "Challenge" action to protect sensitive resources and ensure that only legitimate traffic reaches the application.

Diagram

Architecture Diagram

Demo Screenshots

Root Website WAF Challenge Response

Skills

  • Terraform
  • AWS [VPC, EC2, ALB, CloudFront, WAF]

Prerequisites

Before running this project, ensure you have the following:

  • An active AWS account
  • A Route 53 hosted zone with a valid domain name. This project will create the subdomain waf for this demo.
    • Example Usage: domain_name = "michaelgroff.info"
    • Subdomain Result: waf.michaelgroff.info
  • Terraform installed on your local machine

Terraform S3 Backend Initialization:

terraform init \
  -backend-config="bucket=<my-terraform-backend>" \
  -backend-config="key=<my-waf-challenge>" \
  -backend-config="region=<us-east-1>" \
  -backend-config="kms_key_id=alias/<my-terraform-backend>" \
  -backend-config="encrypt=true"

Inputs

The project requires the following inputs:

  • Region: The AWS region to deploy the infrastructure.
  • Domain Name: The domain name associated with your Route 53 hosted zone.
  • Zone ID: The hosted zone ID for your domain.

Providing Inputs

These inputs can be provided in the terraform.tfvars file:

# terraform.tfvars
# General
name = "waf-challenge"
region = "us-east-1"
default_tags = {
  "Project" = "waf-challenge"
  "Environment" = "dev"
}

# VPC
azs = ["us-east-1a", "us-east-1b", "us-east-1c"]
cidr = "10.0.0.0/16"
public_subnets = ["10.0.0.0/24", "10.0.2.0/24", "10.0.4.0/24"]
private_subnets = ["10.0.1.0/24", "10.0.3.0/24", "10.0.5.0/24"]
enable_dns_hostnames = true
enable_dns_support = true
enable_nat_gateway = false
single_nat_gateway = false
enable_vpn_gateway = false

# AutoScaling Group
min_size = 1
max_size = 1
desired_capacity = 1
health_check_type = "EC2"
instance_type = "t3.micro"
ebs_optimized = true
enable_monitoring = true

# Domain Information
domain_name = "REPLACE_WITH_DOMAIN_NAME"
zone_id = "REPLACE_WITH_ZONE_ID"

Alternative: CLI Input

Alternatively, you can provide these variables directly in the command line when running terraform plan or terraform apply:

terraform plan -var="region=us-east-1" -var="domain_name=example.com" -var="zone_id=ZXXXXXXXXXXXXX"
terraform apply -var="region=us-east-1" -var="domain_name=example.com" -var="zone_id=ZXXXXXXXXXXXXX"

This method is useful when you don't want to modify the terraform.tfvars file or when you're running Terraform in an automated environment.

Usage

  1. Clone this repository.

  2. Navigate to the project directory.

  3. Create a terraform.tfvars file with your input values.

  4. Initialize Terraform:

    terraform init

  5. Review the Terraform plan:

    terraform plan

  6. Apply the Terraform configuration:

    terraform apply

Cleaning Up

To destroy the resources created by this project, run:

terraform destroy

Requirements

Name Version
aws ~> 5.62.0

Providers

Name Version
aws 5.62.0
random 3.6.2

Modules

Name Source Version
acm terraform-aws-modules/acm/aws ~> 5.1.0
alb terraform-aws-modules/alb/aws 9.11.0
asg terraform-aws-modules/autoscaling/aws 8.0.0
cloudfront terraform-aws-modules/cloudfront/aws 3.4.0
vpc terraform-aws-modules/vpc/aws 5.12.1

Resources

Name Type
aws_default_security_group.default resource
aws_route53_record.waf resource
aws_wafv2_web_acl.waf resource
random_string.custom_header_value resource
aws_ami.amazon_linux_2 data source
aws_caller_identity.current data source
aws_ec2_managed_prefix_list.cloudfront data source
aws_partition.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
acm_certificate_domain_validation_options A list of domain_validation_options created by the ACM certificate to create required Route53 records from it (used when create_route53_records_only is set to true) any {} no
amazon_side_asn The Autonomous System Number (ASN) for the Amazon side of the gateway. By default the virtual private gateway is created with the current default Amazon ASN string "64512" no
autoscaling_group_tags A map of additional tags to add to the autoscaling group map(string) {} no
availability_zones A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with vpc_zone_identifier argument. Conflicts with vpc_zone_identifier list(string) null no
azs A list of availability zones names or ids in the region list(string) [] no
block_device_mappings Specify volumes to attach to the instance besides the volumes specified by the AMI list(any) [] no
capacity_rebalance Indicates whether capacity rebalance is enabled bool null no
capacity_reservation_specification Targeting for EC2 capacity reservations any {} no
certificate_transparency_logging_preference Specifies whether certificate details should be added to a certificate transparency log bool true no
cidr (Optional) The IPv4 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using ipv4_netmask_length & ipv4_ipam_pool_id string "10.0.0.0/16" no
cpu_options The CPU options for the instance map(string) {} no
create Determines whether to create autoscaling group or not bool true no
create_certificate Whether to create ACM certificate bool true no
create_database_internet_gateway_route Controls if an internet gateway route for public database access should be created bool false no
create_database_nat_gateway_route Controls if a nat gateway route should be created to give internet access to the database subnets bool false no
create_database_subnet_group Controls if database subnet group should be created (n.b. database_subnets must also be set) bool true no
create_database_subnet_route_table Controls if separate route table for database should be created bool false no
create_egress_only_igw Controls if an Egress Only Internet Gateway is created and its related routes bool true no
create_elasticache_subnet_group Controls if elasticache subnet group should be created bool true no
create_elasticache_subnet_route_table Controls if separate route table for elasticache should be created bool false no
create_flow_log_cloudwatch_iam_role Whether to create IAM role for VPC Flow Logs bool false no
create_flow_log_cloudwatch_log_group Whether to create CloudWatch log group for VPC Flow Logs bool false no
create_iam_instance_profile Determines whether an IAM instance profile is created or to use an existing IAM instance profile bool false no
create_igw Controls if an Internet Gateway is created for public subnets and the related routes that connect them bool true no
create_launch_template Determines whether to create launch template or not bool true no
create_multiple_intra_route_tables Indicates whether to create a separate route table for each intra subnet. Default: false bool false no
create_multiple_public_route_tables Indicates whether to create a separate route table for each public subnet. Default: false bool false no
create_redshift_subnet_group Controls if redshift subnet group should be created bool true no
create_redshift_subnet_route_table Controls if separate route table for redshift should be created bool false no
create_route53_records When validation is set to DNS, define whether to create the DNS records internally via Route53 or externally using any DNS provider bool true no
create_route53_records_only Whether to create only Route53 records (e.g. using separate AWS provider) bool false no
create_scaling_policy Determines whether to create target scaling policy schedule or not bool true no
create_schedule Determines whether to create autoscaling group schedule or not bool true no
create_traffic_source_attachment Determines whether to create autoscaling group traffic source attachment bool false no
create_vpc Controls if VPC should be created (it affects almost all resources) bool true no
credit_specification Customize the credit specification of the instance map(string) {} no
customer_gateway_tags Additional tags for the Customer Gateway map(string) {} no
customer_gateways Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address) map(map(any)) {} no
customer_owned_ipv4_pool The customer owned IPv4 address pool. Typically used with the map_customer_owned_ip_on_launch argument. The outpost_arn argument must be specified when configured string null no
database_acl_tags Additional tags for the database subnets network ACL map(string) {} no
database_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for database subnets bool false no
database_inbound_acl_rules Database subnets inbound network ACL rules list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
database_outbound_acl_rules Database subnets outbound network ACL rules list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
database_route_table_tags Additional tags for the database route tables map(string) {} no
database_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
database_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
database_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
database_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
database_subnet_group_name Name of database subnet group string null no
database_subnet_group_tags Additional tags for the database subnet group map(string) {} no
database_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
database_subnet_ipv6_prefixes Assigns IPv6 database subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
database_subnet_names Explicit values to use in the Name tag on database subnets. If empty, Name tags are generated list(string) [] no
database_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
database_subnet_suffix Suffix to append to database subnets name string "db" no
database_subnet_tags Additional tags for the database subnets map(string) {} no
database_subnets A list of database subnets inside the VPC list(string) [] no
default_cooldown The amount of time, in seconds, after a scaling activity completes before another scaling activity can start number null no
default_instance_warmup Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data. Set this value equal to the amount of time that it takes for resource consumption to become stable after an instance reaches the InService state. number null no
default_network_acl_egress List of maps of egress rules to set on the Default Network ACL list(map(string)) 
[
 {
 "action": "allow",
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_no": 100,
 "to_port": 0
 },
 {
 "action": "allow",
 "from_port": 0,
 "ipv6_cidr_block": "::/0",
 "protocol": "-1",
 "rule_no": 101,
 "to_port": 0
 }
]
 no
default_network_acl_ingress List of maps of ingress rules to set on the Default Network ACL list(map(string)) 
[
 {
 "action": "allow",
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_no": 100,
 "to_port": 0
 },
 {
 "action": "allow",
 "from_port": 0,
 "ipv6_cidr_block": "::/0",
 "protocol": "-1",
 "rule_no": 101,
 "to_port": 0
 }
]
 no
default_network_acl_name Name to be used on the Default Network ACL string null no
default_network_acl_tags Additional tags for the Default Network ACL map(string) {} no
default_route_table_name Name to be used on the default route table string null no
default_route_table_propagating_vgws List of virtual gateways for propagation list(string) [] no
default_route_table_routes Configuration block of routes. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_route_table#route list(map(string)) [] no
default_route_table_tags Additional tags for the default route table map(string) {} no
default_security_group_egress List of maps of egress rules to set on the default security group list(map(string)) [] no
default_security_group_ingress List of maps of ingress rules to set on the default security group list(map(string)) [] no
default_security_group_name Name to be used on the default security group string null no
default_security_group_tags Additional tags for the default security group map(string) {} no
default_tags Default tags to apply to all resources map(string) n/a yes
default_version Default Version of the launch template string null no
default_vpc_enable_dns_hostnames Should be true to enable DNS hostnames in the Default VPC bool true no
default_vpc_enable_dns_support Should be true to enable DNS support in the Default VPC bool true no
default_vpc_name Name to be used on the Default VPC string null no
default_vpc_tags Additional tags for the Default VPC map(string) {} no
delete_timeout Delete timeout to wait for destroying autoscaling group string null no
desired_capacity The number of Amazon EC2 instances that should be running in the autoscaling group number null no
desired_capacity_type The unit of measurement for the value specified for desired_capacity. Supported for attribute-based instance type selection only. Valid values: units, vcpu, memory-mib. string null no
dhcp_options_domain_name Specifies DNS name for DHCP options set (requires enable_dhcp_options set to true) string "" no
dhcp_options_domain_name_servers Specify a list of DNS server addresses for DHCP options set, default to AWS provided (requires enable_dhcp_options set to true) list(string) 
[
 "AmazonProvidedDNS"
]
 no
dhcp_options_ipv6_address_preferred_lease_time How frequently, in seconds, a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal (requires enable_dhcp_options set to true) number null no
dhcp_options_netbios_name_servers Specify a list of netbios servers for DHCP options set (requires enable_dhcp_options set to true) list(string) [] no
dhcp_options_netbios_node_type Specify netbios node_type for DHCP options set (requires enable_dhcp_options set to true) string "" no
dhcp_options_ntp_servers Specify a list of NTP servers for DHCP options set (requires enable_dhcp_options set to true) list(string) [] no
dhcp_options_tags Additional tags for the DHCP option set (requires enable_dhcp_options set to true) map(string) {} no
disable_api_stop If true, enables EC2 instance stop protection bool null no
disable_api_termination If true, enables EC2 instance termination protection bool null no
distinct_domain_names List of distinct domains and SANs (used when create_route53_records_only is set to true) list(string) [] no
dns_ttl The TTL of DNS recursive resolvers to cache information about this record. number 60 no
domain_name A domain name for which the certificate should be issued string "" no
ebs_optimized If true, the launched EC2 instance will be EBS-optimized bool null no
elastic_gpu_specifications The elastic GPU to attach to the instance map(string) {} no
elastic_inference_accelerator Configuration block containing an Elastic Inference Accelerator to attach to the instance map(string) {} no
elasticache_acl_tags Additional tags for the elasticache subnets network ACL map(string) {} no
elasticache_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for elasticache subnets bool false no
elasticache_inbound_acl_rules Elasticache subnets inbound network ACL rules list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
elasticache_outbound_acl_rules Elasticache subnets outbound network ACL rules list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
elasticache_route_table_tags Additional tags for the elasticache route tables map(string) {} no
elasticache_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
elasticache_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
elasticache_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
elasticache_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
elasticache_subnet_group_name Name of elasticache subnet group string null no
elasticache_subnet_group_tags Additional tags for the elasticache subnet group map(string) {} no
elasticache_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
elasticache_subnet_ipv6_prefixes Assigns IPv6 elasticache subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
elasticache_subnet_names Explicit values to use in the Name tag on elasticache subnets. If empty, Name tags are generated list(string) [] no
elasticache_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
elasticache_subnet_suffix Suffix to append to elasticache subnets name string "elasticache" no
elasticache_subnet_tags Additional tags for the elasticache subnets map(string) {} no
elasticache_subnets A list of elasticache subnets inside the VPC list(string) [] no
enable_dhcp_options Should be true if you want to specify a DHCP options set with a custom domain name, DNS servers, NTP servers, netbios servers, and/or netbios server type bool false no
enable_dns_hostnames Should be true to enable DNS hostnames in the VPC bool true no
enable_dns_support Should be true to enable DNS support in the VPC bool true no
enable_flow_log Whether or not to enable VPC Flow Logs bool false no
enable_ipv6 Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block bool false no
enable_monitoring Enables/disables detailed monitoring bool true no
enable_nat_gateway Should be true if you want to provision NAT Gateways for each of your private networks bool false no
enable_network_address_usage_metrics Determines whether network address usage metrics are enabled for the VPC bool null no
enable_public_redshift Controls if redshift should have public routing table bool false no
enable_vpn_gateway Should be true if you want to create a new VPN Gateway resource and attach it to the VPC bool false no
enabled_metrics A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances list(string) [] no
enclave_options Enable Nitro Enclaves on launched instances map(string) {} no
external_nat_ip_ids List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse_nat_ips) list(string) [] no
external_nat_ips List of EIPs to be used for nat_public_ips output (used in combination with reuse_nat_ips and external_nat_ip_ids) list(string) [] no
flow_log_cloudwatch_iam_role_arn The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group. When flow_log_destination_arn is set to ARN of Cloudwatch Logs, this argument needs to be provided string "" no
flow_log_cloudwatch_log_group_class Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS string null no
flow_log_cloudwatch_log_group_kms_key_id The ARN of the KMS Key to use when encrypting log data for VPC flow logs string null no
flow_log_cloudwatch_log_group_name_prefix Specifies the name prefix of CloudWatch Log Group for VPC flow logs string "/aws/vpc-flow-log/" no
flow_log_cloudwatch_log_group_name_suffix Specifies the name suffix of CloudWatch Log Group for VPC flow logs string "" no
flow_log_cloudwatch_log_group_retention_in_days Specifies the number of days you want to retain log events in the specified log group for VPC flow logs number null no
flow_log_cloudwatch_log_group_skip_destroy Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state bool false no
flow_log_deliver_cross_account_role (Optional) ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts. string null no
flow_log_destination_arn The ARN of the CloudWatch log group or S3 bucket where VPC Flow Logs will be pushed. If this ARN is a S3 bucket the appropriate permissions need to be set on that bucket's policy. When create_flow_log_cloudwatch_log_group is set to false this argument must be provided string "" no
flow_log_destination_type Type of flow log destination. Can be s3, kinesis-data-firehose or cloud-watch-logs string "cloud-watch-logs" no
flow_log_file_format (Optional) The format for the flow log. Valid values: plain-text, parquet string null no
flow_log_hive_compatible_partitions (Optional) Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3 bool false no
flow_log_log_format The fields to include in the flow log record, in the order in which they should appear string null no
flow_log_max_aggregation_interval The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds or 600 seconds number 600 no
flow_log_per_hour_partition (Optional) Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries bool false no
flow_log_traffic_type The type of traffic to capture. Valid values: ACCEPT, REJECT, ALL string "ALL" no
force_delete Allows deleting the Auto Scaling Group without waiting for all instances in the pool to terminate. You can force an Auto Scaling Group to delete even if it's in the process of scaling a resource. Normally, Terraform drains all the instances before deleting the group. This bypasses that behavior and potentially leaves resources dangling bool null no
health_check_grace_period Time (in seconds) after instance comes into service before checking health number null no
health_check_type EC2 or ELB. Controls how health checking is done string null no
hibernation_options The hibernation options for the instance map(string) {} no
iam_instance_profile_arn Amazon Resource Name (ARN) of an existing IAM instance profile. Used when create_iam_instance_profile = false string null no
iam_instance_profile_name The name of the IAM instance profile to be created (create_iam_instance_profile = true) or existing (create_iam_instance_profile = false) string null no
iam_role_description Description of the role string null no
iam_role_name Name to use on IAM role created string null no
iam_role_path IAM role path string null no
iam_role_permissions_boundary ARN of the policy that is used to set the permissions boundary for the IAM role string null no
iam_role_policies IAM policies to attach to the IAM role map(string) {} no
iam_role_tags A map of additional tags to add to the IAM role created map(string) {} no
iam_role_use_name_prefix Determines whether the IAM role name (iam_role_name) is used as a prefix bool true no
ignore_desired_capacity_changes Determines whether the desired_capacity value is ignored after initial apply. See README note for more details bool false no
ignore_failed_scaling_activities Whether to ignore failed Auto Scaling scaling activities while waiting for capacity. The default is false -- failed scaling activities cause errors to be returned. bool false no
igw_tags Additional tags for the internet gateway map(string) {} no
image_id The AMI from which to launch the instance string "" no
initial_lifecycle_hooks One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate aws_autoscaling_lifecycle_hook resource, without the autoscaling_group_name attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use aws_autoscaling_lifecycle_hook resource list(map(string)) [] no
instance_initiated_shutdown_behavior Shutdown behavior for the instance. Can be stop or terminate. (Default: stop) string null no
instance_maintenance_policy If this block is configured, add a instance maintenance policy to the specified Auto Scaling group map(any) {} no
instance_market_options The market (purchasing) option for the instance any {} no
instance_name Name that is propogated to launched EC2 instances via a tag - if not provided, defaults to var.name string "" no
instance_refresh If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated any {} no
instance_requirements The attribute requirements for the type of instance. If present then instance_type cannot be present any {} no
instance_tenancy A tenancy option for instances launched into the VPC string "default" no
instance_type The type of the instance. If present then instance_requirements cannot be present string null no
intra_acl_tags Additional tags for the intra subnets network ACL map(string) {} no
intra_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for intra subnets bool false no
intra_inbound_acl_rules Intra subnets inbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
intra_outbound_acl_rules Intra subnets outbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
intra_route_table_tags Additional tags for the intra route tables map(string) {} no
intra_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
intra_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
intra_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
intra_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
intra_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
intra_subnet_ipv6_prefixes Assigns IPv6 intra subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
intra_subnet_names Explicit values to use in the Name tag on intra subnets. If empty, Name tags are generated list(string) [] no
intra_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
intra_subnet_suffix Suffix to append to intra subnets name string "intra" no
intra_subnet_tags Additional tags for the intra subnets map(string) {} no
intra_subnets A list of intra subnets inside the VPC list(string) [] no
ipv4_ipam_pool_id (Optional) The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR string null no
ipv4_netmask_length (Optional) The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying a ipv4_ipam_pool_id number null no
ipv6_cidr (Optional) IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length string null no
ipv6_cidr_block_network_border_group By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones string null no
ipv6_ipam_pool_id (Optional) IPAM Pool ID for a IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block string null no
ipv6_netmask_length (Optional) Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if IPAM pool as a allocation_default_netmask_length set. Valid values: 56 number null no
kernel_id The kernel ID string null no
key_algorithm Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data string null no
key_name The key name that should be used for the instance string null no
launch_template_description Description of the launch template string null no
launch_template_id ID of an existing launch template to be used (created outside of this module) string null no
launch_template_name Name of launch template to be created string "" no
launch_template_use_name_prefix Determines whether to use launch_template_name as is or create a unique name beginning with the launch_template_name as the prefix bool true no
launch_template_version Launch template version. Can be version number, $Latest, or $Default string null no
license_specifications A list of license specifications to associate with map(string) {} no
load_balancers A list of elastic load balancer names to add to the autoscaling group names. Only valid for classic load balancers. For ALBs, use target_group_arns instead list(string) [] no
maintenance_options The maintenance options for the instance any {} no
manage_default_network_acl Should be true to adopt and manage Default Network ACL bool true no
manage_default_route_table Should be true to manage default route table bool true no
manage_default_security_group Should be true to adopt and manage default security group bool true no
manage_default_vpc Should be true to adopt and manage Default VPC bool false no
map_customer_owned_ip_on_launch Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The customer_owned_ipv4_pool and outpost_arn arguments must be specified when set to true. Default is false bool false no
map_public_ip_on_launch Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false bool false no
max_instance_lifetime The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 86400 and 31536000 seconds number null no
max_size The maximum size of the autoscaling group number null no
metadata_options Customize the metadata options for the instance map(string) {} no
metrics_granularity The granularity to associate with the metrics to collect. The only valid value is 1Minute string null no
min_elb_capacity Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes number null no
min_size The minimum size of the autoscaling group number null no
mixed_instances_policy Configuration block containing settings to define launch targets for Auto Scaling groups any null no
name Name to be used on all the resources as identifier string "" no
nat_eip_tags Additional tags for the NAT EIP map(string) {} no
nat_gateway_destination_cidr_block Used to pass a custom destination route for private NAT Gateway. If not specified, the default 0.0.0.0/0 is used as a destination route string "0.0.0.0/0" no
nat_gateway_tags Additional tags for the NAT gateways map(string) {} no
network_interfaces Customize network interfaces to be attached at instance boot time list(any) [] no
one_nat_gateway_per_az Should be true if you want only one NAT Gateway per availability zone. Requires var.azs to be set, and the number of public_subnets created to be greater than or equal to the number of availability zones specified in var.azs bool false no
outpost_acl_tags Additional tags for the outpost subnets network ACL map(string) {} no
outpost_arn ARN of Outpost you want to create a subnet in string null no
outpost_az AZ where Outpost is anchored string null no
outpost_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for outpost subnets bool false no
outpost_inbound_acl_rules Outpost subnets inbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
outpost_outbound_acl_rules Outpost subnets outbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
outpost_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
outpost_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
outpost_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
outpost_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
outpost_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
outpost_subnet_ipv6_prefixes Assigns IPv6 outpost subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
outpost_subnet_names Explicit values to use in the Name tag on outpost subnets. If empty, Name tags are generated list(string) [] no
outpost_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
outpost_subnet_suffix Suffix to append to outpost subnets name string "outpost" no
outpost_subnet_tags Additional tags for the outpost subnets map(string) {} no
outpost_subnets A list of outpost subnets inside the VPC list(string) [] no
placement The placement of the instance map(string) {} no
placement_group The name of the placement group into which you'll launch your instances, if any string null no
private_acl_tags Additional tags for the private subnets network ACL map(string) {} no
private_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for private subnets bool false no
private_dns_name_options The options for the instance hostname. The default values are inherited from the subnet map(string) {} no
private_inbound_acl_rules Private subnets inbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
private_outbound_acl_rules Private subnets outbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
private_route_table_tags Additional tags for the private route tables map(string) {} no
private_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
private_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
private_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
private_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
private_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
private_subnet_ipv6_prefixes Assigns IPv6 private subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
private_subnet_names Explicit values to use in the Name tag on private subnets. If empty, Name tags are generated list(string) [] no
private_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
private_subnet_suffix Suffix to append to private subnets name string "private" no
private_subnet_tags Additional tags for the private subnets map(string) {} no
private_subnet_tags_per_az Additional tags for the private subnets where the primary key is the AZ map(map(string)) {} no
private_subnets A list of private subnets inside the VPC list(string) [] no
propagate_intra_route_tables_vgw Should be true if you want route table propagation bool false no
propagate_private_route_tables_vgw Should be true if you want route table propagation bool false no
propagate_public_route_tables_vgw Should be true if you want route table propagation bool false no
protect_from_scale_in Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events. bool false no
public_acl_tags Additional tags for the public subnets network ACL map(string) {} no
public_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for public subnets bool false no
public_inbound_acl_rules Public subnets inbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
public_outbound_acl_rules Public subnets outbound network ACLs list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
public_route_table_tags Additional tags for the public route tables map(string) {} no
public_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
public_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
public_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
public_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
public_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
public_subnet_ipv6_prefixes Assigns IPv6 public subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
public_subnet_names Explicit values to use in the Name tag on public subnets. If empty, Name tags are generated list(string) [] no
public_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
public_subnet_suffix Suffix to append to public subnets name string "public" no
public_subnet_tags Additional tags for the public subnets map(string) {} no
public_subnet_tags_per_az Additional tags for the public subnets where the primary key is the AZ map(map(string)) {} no
public_subnets A list of public subnets inside the VPC list(string) [] no
ram_disk_id The ID of the ram disk string null no
redshift_acl_tags Additional tags for the redshift subnets network ACL map(string) {} no
redshift_dedicated_network_acl Whether to use dedicated network ACL (not default) and custom rules for redshift subnets bool false no
redshift_inbound_acl_rules Redshift subnets inbound network ACL rules list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
redshift_outbound_acl_rules Redshift subnets outbound network ACL rules list(map(string)) 
[
 {
 "cidr_block": "0.0.0.0/0",
 "from_port": 0,
 "protocol": "-1",
 "rule_action": "allow",
 "rule_number": 100,
 "to_port": 0
 }
]
 no
redshift_route_table_tags Additional tags for the redshift route tables map(string) {} no
redshift_subnet_assign_ipv6_address_on_creation Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false bool false no
redshift_subnet_enable_dns64 Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: true bool true no
redshift_subnet_enable_resource_name_dns_a_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false bool false no
redshift_subnet_enable_resource_name_dns_aaaa_record_on_launch Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: true bool true no
redshift_subnet_group_name Name of redshift subnet group string null no
redshift_subnet_group_tags Additional tags for the redshift subnet group map(string) {} no
redshift_subnet_ipv6_native Indicates whether to create an IPv6-only subnet. Default: false bool false no
redshift_subnet_ipv6_prefixes Assigns IPv6 redshift subnet id based on the Amazon provided /56 prefix base 10 integer (0-256). Must be of equal length to the corresponding IPv4 subnet list list(string) [] no
redshift_subnet_names Explicit values to use in the Name tag on redshift subnets. If empty, Name tags are generated list(string) [] no
redshift_subnet_private_dns_hostname_type_on_launch The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name string null no
redshift_subnet_suffix Suffix to append to redshift subnets name string "redshift" no
redshift_subnet_tags Additional tags for the redshift subnets map(string) {} no
redshift_subnets A list of redshift subnets inside the VPC list(string) [] no
region The AWS region string n/a yes
reuse_nat_ips Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external_nat_ip_ids' variable bool false no
scaling_policies Map of target scaling policy schedule to create any {} no
schedules Map of autoscaling group schedule to create map(any) {} no
secondary_cidr_blocks List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool list(string) [] no
security_groups A list of security group IDs to associate list(string) [] no
service_linked_role_arn The ARN of the service-linked role that the ASG will use to call other AWS services string null no
single_nat_gateway Should be true if you want to provision a single shared NAT Gateway across all of your private networks bool false no
subject_alternative_names A list of domains that should be SANs in the issued certificate list(string) [] no
suspended_processes A list of processes to suspend for the Auto Scaling Group. The allowed values are Launch, Terminate, HealthCheck, ReplaceUnhealthy, AZRebalance, AlarmNotification, ScheduledActions, AddToLoadBalancer, InstanceRefresh. Note that if you suspend either the Launch or Terminate process types, it can prevent your Auto Scaling Group from functioning properly list(string) [] no
tag_specifications The tags to apply to the resources during launch list(any) [] no
tags A map of tags to add to all resources map(string) {} no
target_group_arns A set of aws_alb_target_group ARNs, for use with Application or Network Load Balancing list(string) [] no
termination_policies A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy, Default list(string) [] no
traffic_source_identifier Identifies the traffic source. For Application Load Balancers, Gateway Load Balancers, Network Load Balancers, and VPC Lattice, this will be the Amazon Resource Name (ARN) for a target group in this account and Region. For Classic Load Balancers, this will be the name of the Classic Load Balancer in this account and Region string "" no
traffic_source_type Provides additional context for the value of identifier. The following lists the valid values: elb if identifier is the name of a Classic Load Balancer. elbv2 if identifier is the ARN of an Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target group. vpc-lattice if identifier is the ARN of a VPC Lattice target group string "elbv2" no
update_default_version Whether to update Default Version each update. Conflicts with default_version bool null no
use_ipam_pool Determines whether IPAM pool is used for CIDR allocation bool false no
use_mixed_instances_policy Determines whether to use a mixed instances policy in the autoscaling group or not bool false no
use_name_prefix Determines whether to use name as is or create a unique name beginning with the name as the prefix bool true no
user_data The Base64-encoded user data to provide when launching the instance string null no
validate_certificate Whether to validate certificate by creating Route53 record bool true no
validation_allow_overwrite_records Whether to allow overwrite of Route53 records bool true no
validation_method Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Terraform. string null no
validation_option The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. any {} no
validation_record_fqdns When validation is set to DNS and the DNS validation records are set externally, provide the fqdns for the validation list(string) [] no
validation_timeout Define maximum timeout to wait for the validation to complete string null no
vpc_flow_log_iam_policy_name Name of the IAM policy string "vpc-flow-log-to-cloudwatch" no
vpc_flow_log_iam_policy_use_name_prefix Determines whether the name of the IAM policy (vpc_flow_log_iam_policy_name) is used as a prefix bool true no
vpc_flow_log_iam_role_name Name to use on the VPC Flow Log IAM role created string "vpc-flow-log-role" no
vpc_flow_log_iam_role_use_name_prefix Determines whether the IAM role name (vpc_flow_log_iam_role_name_name) is used as a prefix bool true no
vpc_flow_log_permissions_boundary The ARN of the Permissions Boundary for the VPC Flow Log IAM Role string null no
vpc_flow_log_tags Additional tags for the VPC Flow Logs map(string) {} no
vpc_tags Additional tags for the VPC map(string) {} no
vpc_zone_identifier A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with availability_zones list(string) null no
vpn_gateway_az The Availability Zone for the VPN Gateway string null no
vpn_gateway_id ID of VPN Gateway to attach to the VPC string "" no
vpn_gateway_tags Additional tags for the VPN gateway map(string) {} no
wait_for_capacity_timeout A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. (See also Waiting for Capacity below.) Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. string null no
wait_for_elb_capacity Setting this will cause Terraform to wait for exactly this number of healthy instances in all attached load balancers on both create and update operations. Takes precedence over min_elb_capacity behavior. number null no
wait_for_validation Whether to wait for the validation to complete bool true no
warm_pool If this block is configured, add a Warm Pool to the specified Auto Scaling group any {} no
zone_id The ID of the hosted zone to contain this record. Required when validating via Route53 string "" no
zones Map containing the Route53 Zone IDs for additional domains. map(string) {} no

Outputs

No outputs.

About

AWS WAF Challenge

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages