Mark the header variable input as sensitive

olamide · olamide · commit e6058570bf26 · 2024-04-03T12:33:03.000+01:00
diff --git a/aws/waf/main.tf b/aws/waf/main.tf
@@ -13,7 +13,7 @@ resource "aws_wafv2_web_acl" "main" {
     metric_name                = "${var.name}-cloudfront-web-acl"
   }
 
-  dynamic "header_rule" {
+  dynamic "rule" {
     for_each = var.header_match_rules
     content {
       name     = "${header_rule.value["name"]}-header-match-rule"
@@ -34,7 +34,9 @@ resource "aws_wafv2_web_acl" "main" {
       statement {
         byte_match_statement {
           field_to_match {
-            single_header = lower(header_rule.value["header_name"])
+            single_header {
+              name = lower(header_rule.value["header_name"])
+            }
           }
 
           positional_constraint = "CONTAINS"
diff --git a/aws/waf/variables.tf b/aws/waf/variables.tf
@@ -56,6 +56,8 @@ variable "header_match_rules" {
   }))
 
   default = null
+
+  sensitive = true
 }
 
 variable "allowed_ip_list" {
