Merge pull request #3 from Samseppiol/master

Guslington · web-flow · commit a14fff72de70 · 2021-01-19T09:28:57.000+11:00
Allow modification of default action via config file value
diff --git a/tests/iplists.test.yaml b/tests/iplists.test.yaml
@@ -3,6 +3,8 @@ test_metadata:
   name: iplists
   description: IP white and black lists
 
+default_block: true
+
 ipsets:
   WhitelistOne:
     desc: ips to whitelist for my waf
diff --git a/wafv2.cfndsl.rb b/wafv2.cfndsl.rb
@@ -80,6 +80,8 @@
     end
   end
 
+  default_block = external_parameters.fetch(:default_block, false)
+
   WAFv2_WebACL(:WAF) {
     Name FnSub("${EnvironmentName}-#{component_name}")
     Description FnSub("#{component_name}")
@@ -89,9 +91,7 @@
       CloudWatchMetricsEnabled: cloudwatch['enabled'],
       MetricName: FnSub("#{cloudwatch['metric_name_prefix']}WAFWebACL")
     })
-    DefaultAction({
-      Allow: {}
-    })
+    DefaultAction default_block ? ({Block: {}}) : ({Allow: {}})
     Rules(waf_rules)
   }
 
