Skip to content
Open
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 4 additions & 10 deletions .github/workflows/pr-validation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,26 +66,20 @@ jobs:
terraform init -backend=false
terraform validate

- name: Terraform Validate - AAP/ASM - Activate Bot Manager Module
working-directory: ./aap-asm/bot-manager
run: |
terraform init -backend=false
terraform validate

- name: Terraform Validate - AAP/ASM - Client Lists Module
working-directory: ./aap-asm/client-lists
run: |
terraform init -backend=false
terraform validate

- name: Terraform Validate - AAP/ASM - Client Reputation Module
working-directory: ./aap-asm/client-reputation
- name: Terraform Validate - AAP/ASM - Security Config Module
working-directory: ./aap-asm/security-config
run: |
terraform init -backend=false
terraform validate

- name: Terraform Validate - AAP/ASM - Security Module
working-directory: ./aap-asm/security
- name: Terraform Validate - AAP/ASM - Security Policy Module
working-directory: ./aap-asm/security-policy
run: |
terraform init -backend=false
terraform validate
Expand Down
16 changes: 4 additions & 12 deletions .github/workflows/tf-docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,14 +70,6 @@ jobs:
output-method: inject
git-push: true

- name: Generate terraform-docs for AAP/ASM - Bot Manager Module
uses: terraform-docs/gh-actions@v1.4.1
with:
working-dir: ./aap-asm/bot-manager
output-file: README.md
output-method: inject
git-push: true

- name: Generate terraform-docs for AAP/ASM - Client Lists Module
uses: terraform-docs/gh-actions@v1.4.1
with:
Expand All @@ -86,18 +78,18 @@ jobs:
output-method: inject
git-push: true

- name: Generate terraform-docs for AAP/ASM - Client Reputation Module
- name: Generate terraform-docs for AAP/ASM - Security Config Module
uses: terraform-docs/gh-actions@v1.4.1
with:
working-dir: ./aap-asm/client-reputation
working-dir: ./aap-asm/security-config
output-file: README.md
output-method: inject
git-push: true

- name: Generate terraform-docs for AAP/ASM - Security Module
- name: Generate terraform-docs for AAP/ASM - Security Policy Module
uses: terraform-docs/gh-actions@v1.4.1
with:
working-dir: ./aap-asm/security
working-dir: ./aap-asm/security-policy
output-file: README.md
output-method: inject
git-push: true
Expand Down
32 changes: 26 additions & 6 deletions aap-asm/README.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,29 @@
# Modules to create an AAP+ASM configuration

The Terraform Modules contained in this repository help you manage different resources that is required to create an AAP+ASM Configuration as per the best practices:
* Activate-Security : Used to manage resources required to activate secuirty configuration on staging and production
* Bot-manager : Used to manage BVM and BMS resources
* Client-lists : Used to manage resources required to create client lists
* Client-Reputation : Used to manage resources required to create Client reputation profiles
* Security : Used to manage resources related to the following protection - IP/GEO firewall, DoS Protection and WAF
The Terraform Modules contained in this repository help you manage different resources required to create an AAP+ASM Configuration as per best practices. Supports **multiple security policies** per configuration, each with independently configurable protection actions.

## Modules

| Module | Cardinality | Purpose |
|--------|-------------|---------|
| **activate-security** | Once | Activate the security configuration on staging and production networks |
| **client-lists** | Once | Create and manage client lists (IP block, GEO block, bypass lists) |
| **security-config** | Once | Create the security configuration, advanced settings, rate policies, and reputation profiles |
| **security-policy** | Per policy (`for_each`) | Create security policies with match targets, WAF, DoS, IP/GEO firewall, client reputation, and bot management |

## Multi-Policy Architecture

```
security-config (singleton) security-policy (for_each)
├── Configuration ├── Policy + match target
├── Advanced settings ├── Protection toggles
├── Rate policies ├── WAF attack group actions
├── Reputation profiles ├── Rate policy actions
└── Bypass lists ├── IP/Geo firewall
├── Penalty box + slow POST
├── Reputation profile actions
└── Bot management settings + actions
```

Each policy inherits from a `policy_defaults` baseline and can override any field independently.

Loading