terraformterraform-provider-awsamazon-waf

Remove the SizeRestrictions_BODY size rule all together

In AWS documentation rule states that it will allow only 8kb of request body.

I have used terraform to make sure that all common rule set are created in below code.

resource "aws_wafv2_web_acl" "alb_waf_acl" {
  name        = "api-alb-waf-acl-${var.usage}"
  scope       = "REGIONAL"
  description = "WAF ACL for the Data Refinery ALB"

  default_action {
    allow {}
  }

  rule {
    name     = "base-rule"
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = "api-alb-waf-acl-base-rule-${var.usage}"
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = "api-alb-waf-acl-${var.usage}"
    sampled_requests_enabled   = false
  }

  tags = {
    Name = "api_alb_waf_acl_${var.usage}"
  }


resource "aws_wafv2_web_acl_association" "alb_waf_association" {
  resource_arn = aws_lb.alb.arn
  web_acl_arn  = aws_wafv2_web_acl.alb_waf_acl.arn

  timeouts {
    create = "10m"
  }
}

How do I change the code such that I can remove the SizeRestrictions_BODY rule or make it disfunctional.

Solution

  • I just allowed everything in Body using

     rule_action_override {
      name = "SizeRestrictions_BODY"
      action_to_use {
        allow {}
      }
    }

    Here is my whole code

    resource "aws_wafv2_web_acl" "alb_waf_acl" {
  name        = "api-alb-waf-acl-${var.usage}"
  scope       = "REGIONAL"
  description = "WAF ACL for the Data Refinery ALB"

  default_action {
    allow {}
  }

  rule {
    name     = "base-rule"
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
        rule_action_override {
          name = "SizeRestrictions_BODY"
          action_to_use {
            allow {}
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = false
      metric_name                = "api-alb-waf-acl-base-rule-${var.usage}"
      sampled_requests_enabled   = false
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = "api-alb-waf-acl-${var.usage}"
    sampled_requests_enabled   = false
  }

  tags = {
    Name = "api_alb_waf_acl_${var.usage}"
  }
}

    Note that this will allow all sizes and won't restrict to a certain size!