Attack group migration
Migrate your existing attack group and rules resources and data sources to the Web Application Firewall (WAF) rule set resource and data source.
Note: Migration to the new rule set resource doesn't require changes to your security policy.
Summary of changes
The akamai_appsec_attack_group and akamai_appsec_rules resources and data sources combine into a single resource and data source, akamai_appsec_waf_ruleset.
Improvement
The attack group and rules resources and data sources limited management capabilities to one group and one rule at a time. For those with larger policies, this meant sending a resource for each group or rule. The more groups and rules, the higher the chance for rate-limiting issues.
The WAF rule set resource lets you manage all of your groups and rules in a single resource and data source, reducing the chance of rate-limiting errors.
Mapping
The argument names for your groups, rules, their actions, and any condition exceptions did not change. Their depth did.
Resources
The akamai_appsec_waf_ruleset resource introduces new attack_groups and rules set-type arguments that contain the details of your groups and rules.
akamai_appsec_attack_group
The attack_group, attack_group_action, and condition_exception arguments of each akamai_appsec_attack_group resource become an object within the akamai_appsec_waf_ruleset resource's attack_groups set.
resource "akamai_appsec_attack_group" "my_attack_group" {
  config_id           = int
  security_policy_id  = ""
  attack_group        = ""
  attack_group_action = ""
  condition_exception = jsonencode({})
}

resource "akamai_appsec_waf_ruleset" "my_ruleset" {
  config_id          = int
  security_policy_id = ""
  attack_groups = [
    {
      attack_group        = ""
      attack_group_action = ""
      condition_exception = jsonencode({})
    },
    {
      attack_group        = ""
      attack_group_action = ""
      condition_exception = jsonencode({})
    },
    {
      attack_group        = ""
      attack_group_action = ""
      condition_exception = jsonencode({})
    }
  ]
}

akamai_appsec_rule
The rule_id, rule_action, and condition_exception arguments of each akamai_appsec_rule resource become an object within the akamai_appsec_waf_ruleset resource's rules set.
resource "akamai_appsec_rule" "my_rule" {
  config_id           = int
  security_policy_id  = ""
  rule_id             = ""
  rule_action         = ""
  condition_exception = jsonencode({})
}

resource "akamai_appsec_waf_ruleset" "my_ruleset" {
  config_id          = int
  security_policy_id = ""
  rules = [
    {
      rule_id             = ""
      rule_action         = ""
      condition_exception = jsonencode({})
    },
    {
      rule_id             = ""
      rule_action         = ""
      condition_exception = jsonencode({})
    },
    {
      rule_id             = ""
      rule_action         = ""
      condition_exception = jsonencode({})
    }
  ]
}

Data sources
The akamai_appsec_waf_ruleset resource introduces new attack_groups and rules set-type attributes that contain the details of your groups and rules.
akamai_appsec_attack_groups
The akamai_appsec_waf_ruleset data source is a get-all function, whereas the akamai_appsec_attack_groups data source had both get-one and get-all functions.
- Removed the attack_group argument.
- Removed the json and output_text attributes.
- Added attack_groups attribute set that contains details about each of your attack groups.
Queries
data "akamai_appsec_attack_groups" "my_attack_groups" {
  config_id          = int
  security_policy_id = ""
  attack_group       = ""
}

data "akamai_appsec_waf_ruleset" "my_attack_groups" {
  config_id          = int
  security_policy_id = ""
}

Output
my_attack_groups = {
attack_group = ""
attack_group_action = ""
condition_exception = null
config_id = int
security_policy_id = ""
id = ""
json = jsonencode(
{
attackGroupActions = [
{
action = ""
conditionException = {
exception = {
selector = ""
wildcard = bool
}
group = ""
},
)
output_text = <<-EOT
+------------------------------------------------------+
| AttackGroup |
+----------+--------+------------+---------------------+
| GROUPID | ACTION | EXCEPTIONS | ADVANCED EXCEPTIONS |
+----------+--------+------------+---------------------+
...
EOT
}

my_ruleset = {
  config_id = int,
  security_policy_id = ""
  attack_groups = [
    {
      attack_group = "",
      attack_group_action = "",
      condition_exception = {}
    },
    {
      attack_group = "",
      attack_group_action = "",
      condition_exception = {}
    }
  ],
  rules = [],
}

akamai_appsec_rules
The akamai_appsec_waf_ruleset data source is a get-all function, whereas the akamai_appsec_rules data source had both get-one and get-all functions.
- Removed the rule_id argument.
- Removed the json and output_text attributes.
- Added rules attribute set that contains details about each of your rules.
Queries
data "akamai_appsec_rules" "my_rules" {
  config_id          = int
  security_policy_id = ""
  rule_id            = int
}

data "akamai_appsec_waf_ruleset" "my_attack_groups" {
  config_id          = int
  security_policy_id = ""
}

Output
my_rules = {
condition_exception = null
config_id = 81541
id = "81541"
json = null
output_text = <<-EOT
+------------------------------------------------------------------+
| Rule name |
+---------+--------+------------+------------+---------------------+
| ID | ACTION | CONDITIONS | EXCEPTIONS | ADVANCED EXCEPTIONS |
...
EOT
}

my_ruleset = {
  config_id = int,
  security_policy_id = ""
  attack_groups = [],
  rules = [
    {
      condition_exception = {},
      rule_action = "",
      rule_id = int
    },
    {
      condition_exception = {},
      rule_action = "",
      rule_id = int
    },
  ],
}
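
The resource mapping in the Resources section, worked through as an added example (not part of Akamai's documentation or provider code): this Python helper folds every akamai_appsec_attack_group and akamai_appsec_rule resource found in `terraform show -json` output into one akamai_appsec_waf_ruleset per security policy, and stops if two old resources manage the same group or rule so that no action is silently overwritten. Assumptions: only the root module is read, the generated `ruleset_<config>_<policy>` names are hypothetical, and the result is emitted in Terraform's JSON configuration syntax.

```python
import json
from collections import defaultdict

def _res(rtype, **values):  # one entry of values.root_module.resources
    return {"mode": "managed", "type": rtype, "name": "x", "values": values}

# Constructed sample shaped like `terraform show -json`; every value is made up.
STATE = {"values": {"root_module": {"resources": [
    _res("akamai_appsec_attack_group", config_id=12345, security_policy_id="pol1_000001",
         attack_group="SQL", attack_group_action="deny", condition_exception=None),
    _res("akamai_appsec_attack_group", config_id=12345, security_policy_id="pol1_000001",
         attack_group="XSS", attack_group_action="alert", condition_exception=None),
    _res("akamai_appsec_rule", config_id=12345, security_policy_id="pol1_000001",
         rule_id=1000001, rule_action="deny", condition_exception="{}"),
    _res("akamai_appsec_attack_group", config_id=12345, security_policy_id="pol2_000002",
         attack_group="CMD", attack_group_action="deny", condition_exception=None),
]}}}

# old resource type -> (target set, identifying key, keys copied into each object)
OLD_TYPES = {
    "akamai_appsec_attack_group": ("attack_groups", "attack_group",
        ("attack_group", "attack_group_action", "condition_exception")),
    "akamai_appsec_rule": ("rules", "rule_id",
        ("rule_id", "rule_action", "condition_exception")),
}

def merge_rulesets(state):
    """Fold old per-group and per-rule resources into one ruleset per policy."""
    merged = defaultdict(lambda: {"attack_groups": [], "rules": []})
    seen = set()
    for res in state["values"]["root_module"].get("resources", []):
        if res["type"] not in OLD_TYPES:
            continue
        set_name, id_key, keys = OLD_TYPES[res["type"]]
        vals = res["values"]
        policy = (vals["config_id"], vals["security_policy_id"])
        ident = (policy, set_name, vals[id_key])
        if ident in seen:  # two resources manage the same item: resolve by hand
            raise ValueError(f"duplicate {id_key} {vals[id_key]!r} in {policy}")
        seen.add(ident)
        merged[policy][set_name].append({k: vals.get(k) for k in keys})
    return dict(merged)

def to_tf_json(merged):
    """Render in Terraform JSON syntax (save as, for example, waf_ruleset.tf.json)."""
    blocks = {f"ruleset_{cfg}_{pol}": {"config_id": cfg, "security_policy_id": pol, **body}
              for (cfg, pol), body in sorted(merged.items())}
    return {"resource": {"akamai_appsec_waf_ruleset": blocks}}

if __name__ == "__main__":
    print(json.dumps(to_tf_json(merge_rulesets(STATE)), indent=2))
```

Compare the number of objects in each generated set with the number of old resources for that policy before applying, so that every group and rule action carries over.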
