waf_addtnl_tags

LeoDiazL · LeoDiazL · commit 7c26996df09a · 2025-08-22T16:58:15.000-03:00
diff --git a/action.yaml b/action.yaml
@@ -299,7 +299,10 @@ inputs:
   aws_waf_log_retention_days:
     description: 'CloudWatch log retention period for WAF logs'
     required: false
-
+  aws_waf_additional_tags:
+    description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
+    required: false
+  
   # AWS EFS
   aws_efs_create: 
     description: 'Toggle to indicate whether to create and EFS and mount it to the ec2 as a part of the provisioning. Note: The EFS will be managed by the stack and will be destroyed along with the stack.'
@@ -1227,7 +1230,8 @@ runs:
         AWS_WAF_IP_REPUTATION: ${{ inputs.aws_waf_ip_reputation }}
         AWS_WAF_LOGGING_ENABLE: ${{ inputs.aws_waf_logging_enable }}
         AWS_WAF_LOG_RETENTION_DAYS: ${{ inputs.aws_waf_log_retention_days }}
-        
+        AWS_WAF_ADDITIONAL_TAGS: ${{ inputs.aws_waf_additional_tags }}
+
         # AWS EFS
         AWS_EFS_CREATE: ${{ inputs.aws_efs_create }}
         AWS_EFS_FS_ID: ${{ inputs.aws_efs_fs_id }}
diff --git a/operations/_scripts/generate/generate_vars_terraform.sh b/operations/_scripts/generate/generate_vars_terraform.sh
@@ -140,6 +140,7 @@ if [[ $(alpha_only "$AWS_WAF_ENABLE") == true ]]; then
   aws_waf_ip_reputation=$(generate_var aws_waf_ip_reputation $AWS_WAF_IP_REPUTATION)
   aws_waf_logging_enable=$(generate_var aws_waf_logging_enable $AWS_WAF_LOGGING_ENABLE)
   aws_waf_log_retention_days=$(generate_var aws_waf_log_retention_days $AWS_WAF_LOG_RETENTION_DAYS)
+  aws_waf_additional_tags=$(generate_var aws_waf_additional_tags $AWS_WAF_ADDITIONAL_TAGS)
 fi
 
 #-- AWS EFS --#
@@ -487,6 +488,7 @@ $aws_waf_managed_rules
 $aws_waf_ip_reputation
 $aws_waf_logging_enable
 $aws_waf_log_retention_days
+$aws_waf_additional_tags
 
 #-- EFS --#
 $aws_efs_enable
diff --git a/operations/deployment/terraform/aws/aws_variables.tf b/operations/deployment/terraform/aws/aws_variables.tf
@@ -366,6 +366,12 @@ variable "aws_waf_log_retention_days" {
   default     = 30
 }
 
+variable "aws_waf_additional_tags" {
+  type        = string
+  description = "A list of strings that will be added to created resources"
+  default     = "{}"
+}
+
 # AWS EFS
 
 ### This variable is hidden for the end user. Is built in deploy.sh based on the next 3 variables. 
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -575,7 +575,7 @@ module "aws_waf_ecs" {
   aws_waf_rate_limit         = var.aws_waf_rate_limit
   aws_waf_managed_rules      = var.aws_waf_managed_rules
   aws_waf_ip_reputation      = var.aws_waf_ip_reputation
-  aws_lb_resource_arn        = module.ecs[0].aws_lb_resource_arn
+  aws_lb_resource_arn        = module.aws_ecs[0].aws_lb_resource_arn
   aws_waf_logging_enable     = var.aws_waf_logging_enable
   aws_waf_log_retention_days = var.aws_waf_log_retention_days
   aws_resource_identifier    = var.aws_resource_identifier
@@ -707,6 +707,7 @@ locals {
   ecr_tags      = merge(local.default_tags,jsondecode(var.aws_ecr_additional_tags))
   db_proxy_tags = merge(local.default_tags,jsondecode(var.aws_db_proxy_additional_tags))
   redis_tags    = merge(local.default_tags,jsondecode(var.aws_redis_additional_tags))
+  waf_tags      = merge(local.default_tags,jsondecode(var.aws_waf_additional_tags))
 
   eks_vpc_tags = {
     // This is needed for k8s to use VPC resources
