Introducing Cloud WAF Terraform Support
Terraform, from HashiCorp, enables DevOps teams to deploy cloud infrastructure as code. Fastly supports Terraform across our product lines and today we’re excited to share enhancements to our Next-Gen WAF Terraform provider for our Cloud WAF deployment model which will further streamline operations for our secure DevOps users.
A key capability of the Fastly Next-Gen WAF (powered by Signal Sciences) is the broadest range of deployment options for a WAF – on-premises, at the edge, or in the cloud. We combine this flexibility with a strong commitment to infrastructure as code (IaC) to support modern, automated deployment with solutions like Terraform. With today’s update, we’ve extended our Terraform support to include provisioning new Cloud WAF deployments for new application instances and managing certificates to secure them. This functionality, in addition to our existing Terraform providers for the core functionality of the Fastly Next-Gen WAF and Fastly CDN, enables DevOps teams to seamlessly deploy our cloud-based WAF solution alongside other changes to their environment when using Terraform. This functionality has always been part of our API and web interfaces, and now we have extended it to cover IaC use cases.
Our cloud-based WAF deployment method is quick to deploy and easy to manage. There are no agents to deploy – we maintain the WAF and run it in our cloud infrastructure. Instead, a simple DNS change is all that’s needed to protect your applications with the Fastly Next-Gen WAF. A single management console streamlines monitoring and maintenance of all WAF instances, even in hybrid environments with a mix of cloud, edge, and agent deployments.
Deploying a Cloud WAF Instance is documented on the Terraform Registry sigsci_corp_cloudwaf_instance resource page and can be done with the following HCL:
resource "sigsci_corp_cloudwaf_instance" "test_corp_cloudwaf" {
name = "Test CloudWAF"
description = "for test"
region = "ap-northeast-1"
tls_min_version = "1.2"
use_uploaded_certificates = true
workspace_configs {
site_name = sigsci_site.this.short_name
instance_location = "direct"
listener_protocols = [ "https", ]
routes {
certificate_ids = [
"A01bc234-5678-9de0-a12b-3456c789d12d",
]
connection_pooling = true
domains = [ "example.com", ]
origin = "https://origin.example.com"
pass_host_header = true
trust_proxy_headers = false
}
}
}
Additionally, when using your own domain names with cloud-based deployments (as opposed to Fastly subdomains), it is possible to upload your own certificates to be associated with those domains. To upload your own certificates, use the `sigsci_corp_cloudwaf_certificate` resource (defined below). For certificates, updates only support changing the name so any change to the private key or certificates will result in a new resource being created. See more on this in the Terraform Registry documentation.
resource "sigsci_corp_cloudwaf_certificate" "test_corp_cloudwaf_certificate" {
name = "Test Cloud WAF Certificate"
certificate_body = <<CERT
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
CERT
certificate_chain = <<CHAIN
-----BEGIN CERTIFICATE-----
[encoded certificate chain]
-----END CERTIFICATE-----
CHAIN
private_key = <<PRIVATEKEY
-----BEGIN PRIVATE KEY-----
[encoded privatekey]]
----END PRIVATE KEY-----
PRIVATEKEY
}
Ready to get started? Get the Fastly WAF Terraform provider today.
Read more about Fastly and Terraform:
Talk to us!
Twitter: https://twitter.com/fastly
Support: support@fastly.com