resource/aws_waf_web_acl: Minor adjustments to finish up #6059

Output from acceptance testing: ``` --- PASS: TestAccAWSWafWebAcl_basic (6.55s) --- PASS: TestAccAWSWafWebAcl_LoggingConfiguration (63.50s) --- PASS: TestAccAWSWafWebAcl_disappears (7.44s) --- PASS: TestAccAWSWafWebAcl_Rules (25.95s) --- PASS: TestAccAWSWafWebAcl_changeNameForceNew (12.07s) --- PASS: TestAccAWSWafWebAcl_DefaultAction (12.88s) ```
hashicorp · Feb 12, 2019 · 41baf98 · 41baf98
1 parent 34f41a4
commit 41baf98
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 17 deletions.
diff --git a/aws/resource_aws_waf_web_acl_test.go b/aws/resource_aws_waf_web_acl_test.go
@@ -2,6 +2,7 @@ package aws
 
 import (
  "fmt"
+ "os"
  "testing"
 
  "github.com/aws/aws-sdk-go/aws"
@@ -163,6 +164,10 @@ func TestAccAWSWafWebAcl_Rules(t *testing.T) {
 }
 
 func TestAccAWSWafWebAcl_LoggingConfiguration(t *testing.T) {
+ oldvar := os.Getenv("AWS_DEFAULT_REGION")
+ os.Setenv("AWS_DEFAULT_REGION", "us-east-1")
+ defer os.Setenv("AWS_DEFAULT_REGION", oldvar)
+
  var webACL waf.WebACL
  rName := fmt.Sprintf("wafacl%s", acctest.RandString(5))
  resourceName := "aws_waf_web_acl.test"
@@ -530,8 +535,8 @@ resource "aws_kinesis_firehose_delivery_stream" "test" {
 func testAccAWSWafWebAclConfig_LoggingUpdate(rName string) string {
  return fmt.Sprintf(`
 resource "aws_waf_web_acl" "test" {
- metric_name = %q
- name = %q
+ metric_name = %[1]q
+ name = %[1]q
 
  default_action {
  type = "ALLOW"
@@ -543,12 +548,12 @@ resource "aws_waf_web_acl" "test" {
 }
 
 resource "aws_s3_bucket" "test" {
- bucket = %q
+ bucket = %[1]q
  acl = "private"
 }
 
 resource "aws_iam_role" "test" {
- name = %q
+ name = %[1]q
 
  assume_role_policy = <<EOF
 {
@@ -569,7 +574,7 @@ EOF
 
 resource "aws_kinesis_firehose_delivery_stream" "test" {
  # the name must begin with aws-waf-logs-
- name = "aws-waf-logs-%s"
+ name = "aws-waf-logs-%[1]s"
  destination = "s3"
 
  s3_configuration {
@@ -578,5 +583,5 @@ resource "aws_kinesis_firehose_delivery_stream" "test" {
  }
 }
 
-`, rName, rName, rName, rName, rName)
+`, rName)
 }
diff --git a/website/docs/r/waf_web_acl.html.markdown b/website/docs/r/waf_web_acl.html.markdown
@@ -57,7 +57,7 @@ resource "aws_waf_web_acl" "waf_acl" {
 
 ### Logging
 
-~> *NOTE:* The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-`. See the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) for more information about enabling WAF logging.
+~> *NOTE:* The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-` and be located in `us-east-1` region. See the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) for more information about enabling WAF logging.
 
 ```hcl
 resource "aws_waf_web_acl" "example" {
@@ -81,25 +81,36 @@ resource "aws_waf_web_acl" "example" {
 
 The following arguments are supported:
 
-* `default_action` - (Required) The action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
+* `default_action` - (Required) Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.
 * `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this web ACL.
 * `name` - (Required) The name or description of the web ACL.
-* `rules` - (Required) The rules to associate with the web ACL and the settings for each rule.
+* `rules` - (Required) Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.
+* `logging_configuration` - (Optional) Configuration block to enable WAF logging. Detailed below.
 
-## Nested Blocks
-
-### `default_action`
-
-#### Arguments
+### `default_action` Configuration Block
 
 * `type` - (Required) Specifies how you want AWS WAF to respond to requests that match the settings in a rule.
  e.g. `ALLOW`, `BLOCK` or `COUNT`
 
-### `rules`
+### `logging_configuration` Configuration Block
 
-See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ActivatedRule.html) for all details and supported values.
+* `log_destination` - (Required) Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
+* `redacted_fields` - (Optional) Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
+
+#### `redacted_fields` Configuration Block
+
+* `field_to_match` - (Required) Set of configuration blocks for fields to redact. Detailed below.
 
-#### Arguments
+##### `field_to_match` Configuration Block
+
+-> Additional information about this configuration can be found in the [AWS WAF Regional API Reference](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_FieldToMatch.html).
+
+* `data` - (Optional) When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`.
+* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string. e.g. `HEADER` or `METHOD`
+
+### `rules` Configuration Block
+
+See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ActivatedRule.html) for all details and supported values.
 
 * `action` - (Optional) The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`.
  * `type` - (Required) valid values are: `BLOCK`, `ALLOW`, or `COUNT`