Deploying an AWS ALB with AWS WAF Protection using Terraform

Hello everyone,
Hope you are all doing well. In today's blog we will learn how to deploy an AWS Application Load Balancer (ALB) with AWS WAF protection using Terraform.
It is very important to secure your resources when you deploy them to the cloud. Security in AWS is a shared responsibility model: AWS secures the underlying infrastructure, and you are responsible for how your own resources are exposed and configured. An Application Load Balancer distributes incoming traffic to your targets, while AWS WAF (Web Application Firewall) inspects the HTTP requests in front of it and blocks common web exploits such as SQL injection and cross-site scripting.
In this guide, we’ll build a fully automated setup using Terraform:
Create an Application Load Balancer (ALB)
Deploy an AWS WAF WebACL
Associate the WAF WebACL with the ALB
Before starting, here are some resources you should check:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/wafv2_web_acl
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
Also, my GitHub repo for this post:
https://github.com/sankalpsp07/Deploying-an-AWS-ALB-with-AWS-WAF-Protection-using-Terraform-
Let's dive in!
Let's create a provider.tf file.
Now let's create a variables.tf file.
For this blog we will use the default VPC, but in an actual production scenario you would not use the default VPC; create a dedicated VPC with public subnets for the ALB instead.
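As an added example (not the post's own provider.tf or variables.tf), here is a minimal root configuration that pins the provider and looks up the default VPC and its subnets. The region, the version pins, and the variable names are my assumptions. Terraform reads every *.tf file in a directory, so both files are shown in one block.

```hcl
# Added example, not the post's own provider.tf/variables.tf: the region,
# the version pins and the variable names are my assumptions.

# ---- provider.tf ----
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

# ---- variables.tf ----
variable "aws_region" {
  description = "Region for the ALB and its REGIONAL WAF Web ACL"
  type        = string
  default     = "us-east-1"
}

variable "project" {
  description = "Name prefix applied to every resource"
  type        = string
  default     = "alb-waf-demo"
}

variable "allowed_cidrs" {
  description = "Client CIDRs permitted to reach the ALB (0.0.0.0/0 for a public site)"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Default VPC and its subnets, demo only; a production deployment would
# pass in the IDs of a purpose-built VPC instead.
data "aws_vpc" "default" {
  default = true
}

data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}
```

Pinning the provider to a major version keeps `terraform init` reproducible, and the `allowed_cidrs` variable is what the security group module below consumes, so restricting access later is a one-line change in the root module rather than an edit inside the module.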
We will be using terraform modules for ALB, WAF, and required security groups. Let's create folders and files for that.
Let's create a security group for the ALB. In it we specify the inbound rules (client traffic to the listener ports) and the outbound rules (traffic to the targets).
main.tf
variables.tf
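The following is an added example of such a module and is not the post's own code: the module path (modules/alb-sg), the variable names, and the use of the per-rule security group resources are my choices.

```hcl
# Added example, not the post's own modules/alb-sg code: module path, variable
# names and the per-rule security group resources are my choices.

# ---- modules/alb-sg/variables.tf ----
variable "name" {
  type = string
}

variable "vpc_id" {
  type = string
}

variable "allowed_cidrs" {
  description = "Client CIDRs allowed to reach the ALB listeners"
  type        = list(string)
}

# ---- modules/alb-sg/main.tf ----
resource "aws_security_group" "alb" {
  name        = "${var.name}-alb-sg"
  description = "Inbound HTTP/HTTPS from clients, outbound to targets"
  vpc_id      = var.vpc_id

  tags = { Name = "${var.name}-alb-sg" }
}

# One ingress rule per (client CIDR, port) pair, so each can be reviewed
# and removed on its own instead of being buried in one inline block.
locals {
  listener_ports = [80, 443]
  ingress = {
    for pair in setproduct(var.allowed_cidrs, local.listener_ports) :
    "${pair[0]}-${pair[1]}" => { cidr = pair[0], port = pair[1] }
  }
}

resource "aws_vpc_security_group_ingress_rule" "client" {
  for_each = local.ingress

  security_group_id = aws_security_group.alb.id
  description       = "Client traffic on port ${each.value.port}"
  cidr_ipv4         = each.value.cidr
  from_port         = each.value.port
  to_port           = each.value.port
  ip_protocol       = "tcp"
}

# Outbound is left open here for simplicity; tightening it to the target
# security group (referenced_security_group_id) is the production setting.
resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.alb.id
  description       = "All outbound"
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}

output "security_group_id" {
  value = aws_security_group.alb.id
}
```

Note that a security group only filters by address and port; it cannot see the HTTP request. That is exactly the gap the WAF Web ACL later in this post fills, so the two are complementary rather than alternatives.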
Let's create the ALB, target group and listener with the required attributes. For now we will only create an HTTP listener; in production you would add an HTTPS listener with an ACM certificate and have the HTTP listener redirect to it, since AWS WAF inspects requests but does not encrypt them.
We can refer to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb
variables.tf
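Here is an added example of the ALB module, not the post's own code. The ports, health-check settings, module path (modules/alb) and variable names are my assumptions; the listener is plain HTTP to match the post.

```hcl
# Added example, not the post's own modules/alb code. Ports, health-check
# settings and variable names are my assumptions.

# ---- modules/alb/variables.tf ----
variable "name"              { type = string }
variable "vpc_id"            { type = string }
variable "subnet_ids"        { type = list(string) }
variable "security_group_id" { type = string }

# ---- modules/alb/main.tf ----
resource "aws_lb" "this" {
  name               = "${var.name}-alb"   # ALB names are limited to 32 characters
  load_balancer_type = "application"
  internal           = false
  security_groups    = [var.security_group_id]
  subnets            = var.subnet_ids      # at least two subnets in different AZs

  # Drop requests with malformed header names instead of forwarding them.
  drop_invalid_header_fields = true
}

resource "aws_lb_target_group" "this" {
  name        = "${var.name}-tg"
  port        = 80
  protocol    = "HTTP"
  vpc_id      = var.vpc_id
  target_type = "instance"

  health_check {
    path                = "/"
    matcher             = "200-399"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}

# HTTP only, as in the post. In production replace this with an HTTPS
# listener (protocol = "HTTPS", certificate_arn from ACM) and turn this
# one into a redirect default_action.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.this.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.this.arn
  }
}

output "alb_arn" {
  description = "Passed to aws_wafv2_web_acl_association"
  value       = aws_lb.this.arn
}

output "alb_dns_name" {
  value = aws_lb.this.dns_name
}
```

The `alb_arn` output is the handle the WAF association needs; exposing it from the module keeps the WAF module independent of how the load balancer was built.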
The next step is to run terraform init. The terraform init command initializes a working directory containing Terraform configuration files, downloading the provider and module code.
Next run terraform validate. The terraform validate command checks that the configuration files in the directory are syntactically valid and internally consistent.
Next run terraform plan to see which resources will be created.
Next, run terraform apply:
Terraform has created all four resources: the ALB, the listener, the target group and the security group for the ALB.
In AWS Management Console
Listener and Target groups also created by terraform
Now let's create the WAF Web ACL and associate it with the load balancer.
We will be using 2 rules -
1) AWSManagedRulesCommonRuleSet
You can add or remove rules as required. Each rule needs a unique priority; rules are evaluated from the lowest priority number upwards.
main.tf
main.tf
Association
variables.tf
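The following is an added example of the WAF module and its association, not the post's own code. The first rule is the managed rule group the post names; the second (a per-IP rate limit) is my own illustration of priority ordering and is not the post's second rule. The module path (modules/waf), metric names and variable names are assumptions.

```hcl
# Added example, not the post's own modules/waf code. The rate-limit rule is
# my illustration of priority ordering, not the post's second rule.

# ---- modules/waf/variables.tf ----
variable "name"    { type = string }
variable "alb_arn" { type = string }

# ---- modules/waf/main.tf ----
resource "aws_wafv2_web_acl" "this" {
  name  = "${var.name}-web-acl"
  scope = "REGIONAL"   # required for an ALB; CLOUDFRONT scope only suits distributions

  default_action {
    allow {}           # anything no rule blocks is forwarded to the ALB
  }

  # Lower priority number = evaluated first.
  rule {
    name     = "AWSManagedRulesCommonRuleSet"
    priority = 1

    # none {} keeps the group's own block actions; count {} would only log.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "${var.name}-common-rule-set"
      sampled_requests_enabled   = true
    }
  }

  rule {
    name     = "RateLimitPerIP"
    priority = 2

    action {
      block {}
    }

    statement {
      rate_based_statement {
        limit              = 2000   # requests per source IP in the 5-minute window
        aggregate_key_type = "IP"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "${var.name}-rate-limit"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "${var.name}-web-acl"
    sampled_requests_enabled   = true
  }
}

# Association: a REGIONAL Web ACL is attached to the ALB by ARN.
# An ALB can have only one Web ACL associated with it.
resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = var.alb_arn
  web_acl_arn  = aws_wafv2_web_acl.this.arn
}
```

In the root module, `var.alb_arn` is fed from the ALB module's `alb_arn` output. Two points worth checking before applying: the Web ACL scope must be `REGIONAL` or the association will fail, and `override_action { none {} }` is what makes the managed group actually block; switching it to `count {}` is a useful first step to watch for false positives in CloudWatch before enforcing.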
Now run terraform init again, since a new module was added:
Use terraform validate and terraform plan to validate the configuration and check which resources will be created.
Let's now apply it.
Now, let's go to the console, and see.
Now, let's check the rules -
Now, let's check associated resources -
Hence, we have deployed the AWS Application Load Balancer with an AWS WAF Web ACL associated to protect it.
Now let's clean up the resources with terraform destroy.
That's it for this blog.
Let's meet again in the next blog.
Thanks,
Regards,



