# Terraform configuration to create a basic AWS WAF Web ACL with a managed rule group.

# Provider region. A REGIONAL web ACL (scope below) protects resources in this
# region only, so it must match the region of the ALB / API Gateway / AppSync
# API you intend to associate it with. A CLOUDFRONT-scoped web ACL must be
# created in us-east-1 regardless of where the origin lives.
provider "aws" {
  region = "us-east-1"
}

# --- 1. Create Web ACL ---
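resource "aws_wafv2_web_acl" "main" {
  name        = "MyTerraformWafWebACL"
  description = "Web ACL for Terraform demo"
  scope       = "REGIONAL" # Use CLOUDFRONT for CloudFront distributions

  # Requests that match no rule are allowed through; the managed rule group
  # below is what produces blocks.
  default_action {
    allow {}
  }

  # --- 2. Managed Rule Group ---
  # WAFv2 has no standalone "web ACL rule" resource in the AWS provider: rules
  # are declared inline in the web ACL (or in an aws_wafv2_rule_group that is
  # referenced from here with a rule_group_reference_statement). A rule whose
  # statement is a managed rule group also cannot carry an `action` block; the
  # vendor's per-rule actions apply unless `override_action` says otherwise.
  rule {
    name     = "ManagedCommonRuleSet"
    priority = 1 # Lower number evaluates first; keep priorities unique.

    # `none {}` enforces the vendor's block decisions. Switching to `count {}`
    # puts the whole group into observe-only mode (matches are logged and
    # metered but not blocked), which is the usual way to tune for false
    # positives before enforcing.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }

    # Per-rule metric so blocks attributed to this group can be graphed and
    # alarmed on separately from the web ACL total.
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "ManagedCommonRuleSetMetric"
      sampled_requests_enabled   = true
    }
  }

  # Web ACL-level metrics. sampled_requests keeps only a sample of matched
  # requests; full request logging for investigations requires a separate
  # aws_wafv2_web_acl_logging_configuration resource, which is not defined
  # here. Nor is an aws_wafv2_web_acl_association, so this ACL protects
  # nothing until it is attached to a regional resource.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "MyTerraformWafWebACLMetric"
    sampled_requests_enabled   = true
  }

  tags = {
    Name = "MyTerraformWafWebACL"
  }
}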

# --- Outputs ---
# ARN of the web ACL; this is the value other modules need for an
# aws_wafv2_web_acl_association or a logging configuration.
output "web_acl_arn" {
  description = "The ARN of the WAF Web ACL."
  value       = aws_wafv2_web_acl.main.arn
}

# Provider-assigned ID of the web ACL (distinct from its ARN).
output "web_acl_id" {
  description = "The ID of the WAF Web ACL."
  value       = aws_wafv2_web_acl.main.id
}
