Tweaks

Author: lorenyu

infra/app/service/main.tf

@@ -69,7 +69,8 @@ module "service" {
   domain_name     = module.domain.domain_name
   hosted_zone_id  = module.domain.hosted_zone_id
   certificate_arn = module.domain.certificate_arn
-  enable_waf      = module.app_config.enable_waf
+
+  enable_waf = module.app_config.enable_waf
 
   cpu                      = local.service_config.cpu
   memory                   = local.service_config.memory

infra/modules/network/data/main.tf

@@ -42,3 +42,9 @@ data "aws_security_groups" "aws_services" {
     values = [data.aws_vpc.network.id]
   }
 }
+
+data "aws_wafv2_web_acl" "network" {
+  name  = module.interface.waf_acl_name
+  scope = "REGIONAL"
+}
+

infra/modules/network/data/outputs.tf

@@ -22,11 +22,6 @@ output "vpc_id" {
   value = data.aws_vpc.network.id
 }
 
-data "aws_wafv2_web_acl" "network" {
-  name  = module.interface.waf_acl_name
-  scope = "REGIONAL"
-}
-
 output "waf_arn" {
   value = data.aws_wafv2_web_acl.network.arn
 }

infra/modules/service/variables.tf

@@ -51,6 +51,12 @@ variable "enable_command_execution" {
   description = "Whether the service should enable ECS Exec, such as for debugging"
 }
 
+variable "enable_waf" {
+  type        = bool
+  description = "Whether to enable WAF protection for the load balancer"
+  default     = false
+}
+
 variable "extra_environment_variables" {
   type        = map(string)
   description = "Additional environment variables to pass to the service container. Map from environment variable name to the value."
@@ -166,9 +172,3 @@ variable "ephemeral_write_volumes" {
   description = "A set of absolute paths in the container to be mounted as writable for the life of the task. These need to be declared with `VOLUME` instructions in the container build file."
   default     = []
 }
-
-variable "enable_waf" {
-  type        = bool
-  description = "Whether to enable WAF protection for the load balancer"
-  default     = false
-}