Open
Description
Version
provider "registry.terraform.io/vercel/vercel" {
version = "2.10.0"
constraints = "~> 2.10"
hashes = [
"h1:dqn6MVkhUm5ynbuIg53zCGpX8fxoFx3kkYq11Rdzi3o=",
"zh:00030228128bb41d22f92b39cbabf423b1be32227dddf3c63595075648c208a7",
"zh:1fe72ae0a9ed346f35ae9de77031a40f290e50ae94ef81934771ad13e0957095",
"zh:2bd7fa6854970c51e653b4a4572cee54c6db2154f08d2c77f19f260b2e313fbe",
"zh:4af64ed95b3677d1aa7a7ee3f26b2f1b5d5e3005fdd02812c93f86d2ac834d29",
"zh:4b42e66aca775191b3861a29a68d28fd13b6284540a5febdc4ffc8c801feff3e",
"zh:537ca509b0aeaa6851eaec56fe8272a598c5f5700d136b686f82ecf20aa7f9cf",
"zh:7d0bd21cdedc64681a66cb1f9724edfa3237def6cb80cfee847c613998e0e42c",
"zh:a3bc0cce521452a9a8794699816961190e4c7a7c34ea589245e852659d24c659",
"zh:b18408a71c99ba4a5882dc0c673ea43410b2f9b208637cd20acc2b53b7139867",
"zh:c17f42a8ef3f5fd60821d4187920c31d0666db10629ccdb7b8dd9ec1e1103bae",
"zh:c7bfecb76c5db46a3295c63620720e4ebd8bea2b81756807831b715216987ca9",
"zh:ed1e1d3bbdc7946edc9bdbc6dbba8a5138cdd859765c787ff2a8ac8f2a930811",
"zh:ef9b8346ac8d226c69e77b0ee50cf77a40562c80e11a0afe59cd08b8cbd12d2e",
"zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
"zh:f449bfa061af348c58722d0f2bb374d403d57c3f4ca2d81c02745a2e9ccc5bbc",
]
}
Code
# Vercel Firewall Configuration
resource "vercel_firewall_config" "main" {
count = var.environment != "prod" ? 1 : 0
project_id = var.vercel_project_id
rules {
rule {
name = "Blocklist"
active = true
description = "IP addresses or CIDRs to always block."
action = {
action = "deny"
}
condition_group = [{
conditions = [{
type = "ip_address"
op = "inc"
value = ["17.241.227.11", "157.55.39.49", "172.81.130.38"]
}],
conditions = [{
type = "user_agent"
op = "sub"
neg = true
value = "google"
}]
}]
}
rule {
name = "POST /en-US/users/sign-in missing hipcamp session"
active = true
action = {
action = "deny"
}
condition_group = [{
conditions = [{
type = "path"
op = "eq"
value = "/en-US/users/sign-in"
}],
conditions = [{
type = "method"
op = "eq"
value = "POST"
}],
conditions = [{
type = "cookie"
op = "ex"
neg = true
key = "_hipcamp_session"
}]
}]
}
rule {
name = "Challenge all POST sign-ins to /en-US/users/sign-in"
active = false
action = {
action = "challenge"
}
condition_group = [{
conditions = [{
type = "path"
op = "eq"
value = "/en-US/users/sign-in"
}],
conditions = [{
type = "method"
op = "eq"
value = "POST"
}],
conditions = [{
type = "environment"
op = "eq"
value = "production"
}]
}]
}
rule {
name = "Block ddos attacks"
active = true
description = "Block requests from Hong Kong, China Vietnam etc"
action = {
action = "deny"
}
condition_group = [{
conditions = [{
type = "geo_country"
op = "inc"
value = "RU, RO, CZ, HK, SG, LV, TH, PS"
}]
}]
}
rule {
name = "FirstJA4"
active = false
action = {
action = "log"
}
condition_group = [{
conditions = [{
type = "ja4_digest"
op = "eq"
value = "t13d2014h2_a09f3c656075_14788d8d241b"
}]
}]
}
}
}
Errors received
With the code above, when Terraform Cloud attempts to create the firewall, the following error is received:
However, if I change the code to:
rule {
name = "Block ddos attacks"
active = true
description = "Block requests from Hong Kong, China Vietnam etc"
action = {
action = "deny"
}
condition_group = [{
conditions = [{
type = "geo_country"
op = "inc"
value = ["RU", "RO", "CZ", "HK", "SG", "LV", "TH", "PS"]
}]
}]
}
I receive the following error during $ terraform plan:
╷
│ Error: Incorrect attribute value type
│
│ on vercel.tf line 88, in resource "vercel_firewall_config" "main":
│ 88: condition_group = [{
│ 89: conditions = [{
│ 90: type = "geo_country"
│ 91: op = "inc"
│ 92: value = ["RU", "RO", "CZ", "HK", "SG", "LV", "TH", "PS"]
│ 93: }]
│ 94: }]
│
│ Inappropriate value for attribute "condition_group": element 0: attribute
│ "conditions": element 0: attribute "value": string required.
╵
Operation failed: failed running terraform plan (exit 1)
There is no way to both pass the terraform plan and apply phases.
Metadata
Metadata
Assignees
Labels
No labels