Merge pull request #1823 from cloud-gov/ignore-waf-changes

Ignore all WAF changes due to false positives
cloud-gov · Jan 22, 2025 · d3dd377 · d3dd377
2 parents fa6b410 + e54b5df
commit d3dd377
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/terraform/modules/cloudfoundry/waf.tf b/terraform/modules/cloudfoundry/waf.tf
@@ -18,9 +18,11 @@ resource "aws_wafv2_web_acl" "cf_uaa_waf_core" {
   description = "UAA ELB WAF Rules"
   scope       = "REGIONAL"
 
-  # see https://github.com/hashicorp/terraform-provider-aws/issues/24386#issuecomment-1109340765
+  # Regarding tags_all, see https://github.com/hashicorp/terraform-provider-aws/issues/24386#issuecomment-1109340765
   lifecycle {
-    ignore_changes = [tags_all]
+    # Regarding rule: If you make updates to the WAF rules in this file, you must remove `rule` so they apply.
+    # This is a workaround to an issue: https://github.com/hashicorp/terraform-provider-aws/issues/33124
+    ignore_changes = [rule, tags_all]
   }
 
   default_action {