
TF lab master

main
kusum 1 year ago
parent
commit
46bfe126be
49 changed files with 2784 additions and 0 deletions
  1. 51
    0
      tf-lab-master/main.tf
  2. 50
    0
      tf-lab-master/modules/cloudlets/cloudlet-policy.tf
  3. 8
    0
      tf-lab-master/modules/cloudlets/provider.tf
  4. 14
    0
      tf-lab-master/modules/cloudlets/variables.tf
  5. 4
    0
      tf-lab-master/modules/edgeworkers/bundle.json
  6. BIN
      tf-lab-master/modules/edgeworkers/bundle.tgz
  7. 16
    0
      tf-lab-master/modules/edgeworkers/edgeworkers.tf
  8. 57
    0
      tf-lab-master/modules/edgeworkers/main.js
  9. 8
    0
      tf-lab-master/modules/edgeworkers/provider.tf
  10. 14
    0
      tf-lab-master/modules/edgeworkers/variables.tf
  11. 19
    0
      tf-lab-master/modules/network-lists/nl.tf
  12. 8
    0
      tf-lab-master/modules/network-lists/provider.tf
  13. 18
    0
      tf-lab-master/modules/network-lists/variables.tf
  14. 197
    0
      tf-lab-master/modules/property/property-snippets/Accelerate_delivery.json
  15. 89
    0
      tf-lab-master/modules/property/property-snippets/Augment_insights.json
  16. 19
    0
      tf-lab-master/modules/property/property-snippets/Cloudlets.json
  17. 31
    0
      tf-lab-master/modules/property/property-snippets/EdgeWorkers.json
  18. 96
    0
      tf-lab-master/modules/property/property-snippets/Increase_availability.json
  19. 58
    0
      tf-lab-master/modules/property/property-snippets/Minimize_payload.json
  20. 396
    0
      tf-lab-master/modules/property/property-snippets/Offload_origin.json
  21. 162
    0
      tf-lab-master/modules/property/property-snippets/Strengthen_security.json
  22. 40
    0
      tf-lab-master/modules/property/property-snippets/main.json
  23. 62
    0
      tf-lab-master/modules/property/property.tf
  24. 8
    0
      tf-lab-master/modules/property/provider.tf
  25. 57
    0
      tf-lab-master/modules/property/variables.tf
  26. 31
    0
      tf-lab-master/modules/security/advanced-settings.tf
  27. 67
    0
      tf-lab-master/modules/security/advanced.tf
  28. 354
    0
      tf-lab-master/modules/security/bot-directory-actions.tf
  29. 61
    0
      tf-lab-master/modules/security/custom-rules.tf
  30. 8
    0
      tf-lab-master/modules/security/firewall.tf
  31. 11
    0
      tf-lab-master/modules/security/javascript-injection.tf
  32. 23
    0
      tf-lab-master/modules/security/match-targets.tf
  33. 8
    0
      tf-lab-master/modules/security/penalty-box.tf
  34. 9
    0
      tf-lab-master/modules/security/policies.tf
  35. 57
    0
      tf-lab-master/modules/security/protections.tf
  36. 8
    0
      tf-lab-master/modules/security/provider.tf
  37. 190
    0
      tf-lab-master/modules/security/rate-policies.tf
  38. 24
    0
      tf-lab-master/modules/security/rate-policy-actions.tf
  39. 96
    0
      tf-lab-master/modules/security/reputation-profiles.tf
  40. 49
    0
      tf-lab-master/modules/security/reputation.tf
  41. 9
    0
      tf-lab-master/modules/security/response-actions.tf
  42. 29
    0
      tf-lab-master/modules/security/security-configuration.tf
  43. 5
    0
      tf-lab-master/modules/security/selected-hostnames.tf
  44. 9
    0
      tf-lab-master/modules/security/slow-post.tf
  45. 35
    0
      tf-lab-master/modules/security/variables.tf
  46. 71
    0
      tf-lab-master/modules/security/waf.tf
  47. 14
    0
      tf-lab-master/provider.tf
  48. 15
    0
      tf-lab-master/terraform.tfvars
  49. 119
    0
      tf-lab-master/variables.tf

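--- a/tf-lab-master/main.tf
+++ b/tf-lab-master/main.tf
@@ -0,0 +1,51 @@
+module "property"{
+source = "./modules/property"
+secure = var.secure
+cp_code_id = var.cp_code_id
+edge_hostname = var.edge_hostname
+contract_id = var.contract_id
+group_id = var.group_id
+network = var.network
+rule_format = var.rule_format
+user_id = var.user_id
+product_id = var.product_id
+email = var.email
+cloudlet_policy_id = module.cloudlets.cloudlet_policy_id
+edgeworker_id = module.edgeworkers.edgeworker_id
+}
+
+module "security"{
+source = "./modules/security"
+user_id = var.user_id
+contract_id = var.contract_id
+group_id = var.group_id
+network = var.network
+email = var.email
+security_policy_prefix = var.security_policy_prefix
+security_policy_name = var.security_policy_name
+host_names = var.host_names
+geo_block_network_list_id = module.network-lists.geo_block_network_list_id
+depends_on = [module.network-lists]
+}
+
+module "network-lists"{
+source = "./modules/network-lists"
+user_id = var.user_id
+email = var.email
+network = var.network
+geo_block_list = var.geo_block_list
+}
+
+module "cloudlets"{
+source = "./modules/cloudlets"
+user_id = var.user_id
+group_id = var.group_id
+network = var.network
+}
+
+module "edgeworkers"{
+source = "./modules/edgeworkers"
+user_id = var.user_id
+group_id = var.group_id
+network = var.network
+}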

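--- a/tf-lab-master/modules/cloudlets/cloudlet-policy.tf
+++ b/tf-lab-master/modules/cloudlets/cloudlet-policy.tf
@@ -0,0 +1,50 @@
+resource "akamai_cloudlets_policy" "cloudlet_policy" {
+name = "${var.user_id}RCPolicy"
+cloudlet_code = "IG"
+description = "AkaU RC cloudlet lab"
+group_id = var.group_id
+match_rules = <<-EOF
+[
+{
+"type": "igMatchRule",
+"name": "Prevent GETs at login endpoint",
+"start": 0,
+"end": 0,
+"matchURL": null,
+"matches": [
+{
+"objectMatchValue": {
+"type": "simple",
+"value": [
+"POST"
+]
+},
+"matchOperator": "equals",
+"negate": true,
+"caseSensitive": false,
+"matchType": "method"
+},
+{
+"matchValue": "/rest/user/login",
+"matchOperator": "equals",
+"negate": false,
+"caseSensitive": false,
+"matchType": "path"
+}
+],
+"allowDeny": "deny"
+}
+]
+EOF
+}
+
+output "cloudlet_policy_id" {
+value = "${akamai_cloudlets_policy.cloudlet_policy.id}"
+}
+
+resource "akamai_cloudlets_policy_activation" "activation" {
+policy_id = "${akamai_cloudlets_policy.cloudlet_policy.id}"
+network = var.network
+associated_properties = ["${var.user_id}-tflab"]
+version = 1
+}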
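Review bot: The activation pins `version = 1`, so once `match_rules` is edited and a new policy version is created, the deny rule that is live stays at version 1 and the change never reaches the network. Reference the policy's own version instead: `version = akamai_cloudlets_policy.cloudlet_policy.version`. `associated_properties` names the property as a plain string, so Terraform sees no ordering between this activation and the property module; if the provider needs the property to exist first, the root module has to express that dependency. The rule is named "Prevent GETs at login endpoint", but its negated `POST` match denies every non-POST method, so a name such as "Allow only POST at login endpoint" describes it accurately.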

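--- a/tf-lab-master/modules/cloudlets/provider.tf
+++ b/tf-lab-master/modules/cloudlets/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+akamai = {
+source = "akamai/akamai"
+version = "~> 5.1.0"
+}
+}
+}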

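--- a/tf-lab-master/modules/cloudlets/variables.tf
+++ b/tf-lab-master/modules/cloudlets/variables.tf
@@ -0,0 +1,14 @@
+variable "group_id" {
+type = string
+description = "Group ID for property/config creation"
+}
+
+variable "user_id"{
+type = string
+description = "unique ID for each lab user"
+}
+
+variable "network" {
+type = string
+description = "Akamai network for activation"
+}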
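Review bot: `network` is a free-form string here and in the edgeworkers, network-lists and property `variables.tf` files, so a typo or an unintended production value reaches the activation resources unchecked. A `validation` block with `condition = contains(["STAGING", "PRODUCTION"], upper(var.network))` and a matching `error_message` would reject bad input at plan time; the root `variables.tf` is outside this part of the page, so the check may belong there instead. In the network-lists module the same variable also has no `description`, and `geo_block_list` is declared `list(any)` where `list(string)` states what the list holds.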

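--- a/tf-lab-master/modules/edgeworkers/bundle.json
+++ b/tf-lab-master/modules/edgeworkers/bundle.json
@@ -0,0 +1,4 @@
+{
+"edgeworker-version": "0.1",
+"description" : "redirect based on country"
+}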

BIN
tf-lab-master/modules/edgeworkers/bundle.tgz


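--- a/tf-lab-master/modules/edgeworkers/edgeworkers.tf
+++ b/tf-lab-master/modules/edgeworkers/edgeworkers.tf
@@ -0,0 +1,16 @@
+resource "akamai_edgeworker" "geo_languagecookie" {
+name = "${var.user_id}-GeoLanguageCookie"
+group_id = "${var.group_id}"
+resource_tier_id = 100
+local_bundle = "./modules/edgeworkers/bundle.tgz"
+}
+
+resource "akamai_edgeworkers_activation" "ew_activation" {
+edgeworker_id = akamai_edgeworker.geo_languagecookie.id
+network = var.network
+version = akamai_edgeworker.geo_languagecookie.version
+}
+
+output "edgeworker_id" {
+value = "${akamai_edgeworker.geo_languagecookie.id}"
+}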
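Review bot: `local_bundle = "./modules/edgeworkers/bundle.tgz"` resolves against the directory Terraform is run from, so the module uploads a different file, or fails, when the working directory is anything other than the repository's root module; `local_bundle = "${path.module}/bundle.tgz"` ties it to the module. The tarball is committed as an opaque binary next to `main.js` and `bundle.json`, and nothing visible in this commit shows it was built from them, so the code that actually reaches the edge cannot be reviewed from the diff. Building the archive from the reviewed sources in the pipeline, or recording its digest and checking it before apply, would close that gap.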

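--- a/tf-lab-master/modules/edgeworkers/main.js
+++ b/tf-lab-master/modules/edgeworkers/main.js
@@ -0,0 +1,57 @@
+import { logger } from 'log';
+import { Cookies, SetCookie } from 'cookies';
+
+function getLanguageCookieValue(country) {
+// Initialize an empty string to store the language cookie value.
+let languageCookieValue = '';
+// Check the country parameter and set the languageCookieValue accordingly.
+if (country === 'US') {
+languageCookieValue = 'en_US';
+} else if (country === 'KR') {
+languageCookieValue = 'ko_KR';
+} else if (country === 'ES') {
+languageCookieValue = 'es_ES';
+} else if (country === 'FR') {
+languageCookieValue = 'fr_FR';
+} else if (country === 'DE') {
+languageCookieValue = 'de_DE';
+}
+// Return the determined languageCookieValue.
+return languageCookieValue;
+}
+
+export function onClientRequest(request) {
+let cookies = new Cookies(request.getHeader('Cookie'));
+let languageCookie = cookies.get('language');
+logger.log('language cookie value: %s', languageCookie);
+if (languageCookie) {
+logger.log('language cookie exists. Do nothing.');
+} else {
+let country = request.userLocation.country;
+if (country) {
+let languageCookieValue = getLanguageCookieValue(country);
+if (languageCookieValue) {
+let headers = { 'Location': ['/'], 'X-Redirect': [languageCookieValue] };
+request.respondWith(302, headers, {});
+} else {
+logger.log('cannot find languageCookieValue. Do nothing.');
+}
+} else {
+logger.log('cannot find country code. Do nothing.');
+}
+}
+}
+
+export function onClientResponse(request, response) {
+logger.log('Adding a header in ClientResponse');
+let languageCookieValue = response.getHeader('X-Redirect');
+if (languageCookieValue) {
+let cookie = new SetCookie();
+cookie.name = 'language';
+cookie.value = languageCookieValue;
+response.setHeader('Set-Cookie', cookie.toHeader());
+response.setHeader('X-GeoRedirect', 'True');
+} else {
+response.setHeader('X-GeoRedirect', 'False')
+}
+}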
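Review bot: `onClientResponse` copies whatever `X-Redirect` header is on the response into the `language` cookie without checking it against the locales `getLanguageCookieValue` can return, so a value that did not come from `onClientRequest` (one set by the origin, for instance) is accepted as well. The internal header is also left on the response sent to the client, `setHeader('Set-Cookie', …)` replaces any cookie already on the response, and the cookie carries no `Path` or `SameSite` attribute; add `cookie.secure = true` too if the property is only served over TLS. A client that does not store cookies is redirected to `/` on every request, so confirm that loop is acceptable or bound it. `onClientRequest` also logs the client-supplied cookie value as-is, which is worth limiting to a presence flag.

```javascript
const LANGUAGE_VALUES = ['en_US', 'ko_KR', 'es_ES', 'fr_FR', 'de_DE'];

export function onClientResponse(request, response) {
  logger.log('Adding a header in ClientResponse');
  const signalled = response.getHeader('X-Redirect');
  // Header values may arrive as an array; several values never match the list.
  const languageCookieValue = signalled ? String(signalled) : '';
  // Internal signalling header: do not forward it to the client.
  response.removeHeader('X-Redirect');
  if (LANGUAGE_VALUES.includes(languageCookieValue)) {
    let cookie = new SetCookie();
    cookie.name = 'language';
    cookie.value = languageCookieValue;
    cookie.path = '/';
    cookie.sameSite = 'Lax';
    // addHeader keeps any Set-Cookie already present on the response.
    response.addHeader('Set-Cookie', cookie.toHeader());
    response.setHeader('X-GeoRedirect', 'True');
  } else {
    response.setHeader('X-GeoRedirect', 'False');
  }
}
```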

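--- a/tf-lab-master/modules/edgeworkers/provider.tf
+++ b/tf-lab-master/modules/edgeworkers/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+akamai = {
+source = "akamai/akamai"
+version = "~> 5.1.0"
+}
+}
+}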

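--- a/tf-lab-master/modules/edgeworkers/variables.tf
+++ b/tf-lab-master/modules/edgeworkers/variables.tf
@@ -0,0 +1,14 @@
+variable "group_id" {
+type = string
+description = "Group ID for property/config creation"
+}
+
+variable "user_id"{
+type = string
+description = "unique ID for each lab user"
+}
+
+variable "network" {
+type = string
+description = "Akamai network for activation"
+}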

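--- a/tf-lab-master/modules/network-lists/nl.tf
+++ b/tf-lab-master/modules/network-lists/nl.tf
@@ -0,0 +1,19 @@
+resource "akamai_networklist_network_list" "network_list" {
+name = "${var.user_id}-tfab-NL"
+type = "GEO"
+description = "This is a network list for the AkaU AppSec Terraform lab."
+list = var.geo_block_list
+mode = "APPEND"
+}
+
+output "geo_block_network_list_id" {
+value = akamai_networklist_network_list.network_list.network_list_id
+}
+
+resource "akamai_networklist_activations" "activation" {
+network_list_id = akamai_networklist_network_list.network_list.uniqueid
+network = var.network
+notes = "AkaU AppSec Terraform lab"
+sync_point = 0
+notification_emails = [var.email]
+}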
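Review bot: `sync_point = 0` in the activation is a constant, so after `geo_block_list` changes the list resource moves on while the activation still describes the first sync point, and the updated block list may never be activated; `sync_point = akamai_networklist_network_list.network_list.sync_point` ties the two together. With `mode = "APPEND"`, removing a country from `var.geo_block_list` probably leaves it in the deployed list, so `"REPLACE"` fits a list Terraform is meant to own; confirm against the provider documentation. The activation passes `uniqueid` while the output exports `network_list_id`, and using one attribute for both avoids confusion. The list name spells the suffix `tfab` where the rest of the commit uses `tflab`.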

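--- a/tf-lab-master/modules/network-lists/provider.tf
+++ b/tf-lab-master/modules/network-lists/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+akamai = {
+source = "akamai/akamai"
+version = "~> 5.1.0"
+}
+}
+}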

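--- a/tf-lab-master/modules/network-lists/variables.tf
+++ b/tf-lab-master/modules/network-lists/variables.tf
@@ -0,0 +1,18 @@
+variable "user_id"{
+type = string
+description = "unique ID for each lab user"
+}
+
+variable "email" {
+type = string
+description = "Email address used for activations"
+}
+
+variable "geo_block_list" {
+type = list(any)
+description = "Blocked geos"
+}
+
+variable "network" {
+type = string
+}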

+ 197
- 0
tf-lab-master/modules/property/property-snippets/Accelerate_delivery.json

@@ -0,0 +1,197 @@
{
"children": [
{
"behaviors": [
{
"name": "dnsAsyncRefresh",
"options": {
"enabled": true,
"timeout": "1h"
}
},
{
"name": "timeout",
"options": {
"value": "5s"
}
},
{
"name": "readTimeout",
"options": {
"value": "120s"
}
}
],
"comments": "Optimize the connection between edge and origin.",
"name": "Origin connectivity",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "enhancedAkamaiProtocol",
"options": {
"display": ""
}
},
{
"name": "http3",
"options": {
"enable": true
}
},
{
"name": "http2",
"options": {
"enabled": ""
}
},
{
"name": "allowTransferEncoding",
"options": {
"enabled": true
}
},
{
"name": "sureRoute",
"options": {
"enableCustomKey": false,
"enabled": true,
"forceSslForward": false,
"raceStatTtl": "30m",
"srDownloadLinkTitle": "",
"testObjectUrl": "/akamai/sureroute-test-object.html",
"toHostStatus": "INCOMING_HH",
"type": "PERFORMANCE"
}
}
],
"comments": "Serve your website using modern and fast protocols.",
"name": "Protocol optimizations",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"children": [
{
"behaviors": [
{
"name": "prefetch",
"options": {
"enabled": true
}
}
],
"children": [
{
"behaviors": [
{
"name": "prefetch",
"options": {
"enabled": false
}
}
],
"comments": "Disable prefetching for specific clients identifying themselves as bots and crawlers. This avoids requesting unnecessary resources from the origin.",
"criteria": [
{
"name": "userAgent",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"matchWildcard": true,
"values": [
"*bot*",
"*crawl*",
"*spider*"
]
}
}
],
"name": "Bots",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Define for which HTML pages prefetching should be enabled.",
"name": "Prefetching objects",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "prefetchable",
"options": {
"enabled": true
}
}
],
"comments": "Define which resources should be prefetched.",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"css",
"js",
"jpg",
"jpeg",
"jp2",
"png",
"gif",
"svg",
"svgz",
"webp",
"eot",
"woff",
"woff2",
"otf",
"ttf"
]
}
}
],
"name": "Prefetchable objects",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Instruct edge servers to retrieve embedded resources before the browser requests them.",
"name": "Prefetching",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "adaptiveAcceleration",
"options": {
"abLogic": "DISABLED",
"enableBrotliCompression": false,
"enablePreconnect": true,
"enablePush": true,
"enableRo": false,
"preloadEnable": true,
"source": "mPulse",
"titleHttp2ServerPush": "",
"titlePreconnect": "",
"titlePreload": "",
"titleRo": ""
}
}
],
"comments": "Automatically and continuously apply performance optimizations to your website using machine learning.",
"name": "Adaptive acceleration",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Control the settings related to improving the performance of delivering objects to your users.",
"name": "Accelerate delivery",
"options": {},
"criteriaMustSatisfy": "all"
}

+ 89
- 0
tf-lab-master/modules/property/property-snippets/Augment_insights.json

@@ -0,0 +1,89 @@
{
"children": [
{
"behaviors": [
{
"name": "cpCode",
"options": {
"value":
{
"id": "${env.cp_code_id}"
}
}
}
],
"comments": "Identify your main traffic segments so you can granularly zoom in your traffic statistics like hits, bandwidth, offload, response codes, and errors.",
"name": "Traffic reporting",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "mPulse",
"options": {
"apiKey": "",
"bufferSize": "",
"configOverride": "",
"enabled": true,
"loaderVersion": "V12",
"requirePci": false,
"titleOptional": ""
}
}
],
"comments": "Collect and analyze real-user data to monitor the performance of your website.",
"name": "mPulse RUM",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "edgeScape",
"options": {
"enabled": false
}
}
],
"comments": "Receive data about a user's geolocation and connection speed in a request header. If you change cached content based on the values of the X-Akamai-Edgescape request header, contact your account representative.",
"criteria": [
{
"name": "requestType",
"options": {
"matchOperator": "IS",
"value": "CLIENT_REQ"
}
}
],
"name": "Geolocation",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "report",
"options": {
"logAcceptLanguage": false,
"logCookies": "OFF",
"logCustomLogField": false,
"logEdgeIP": false,
"logHost": false,
"logReferer": false,
"logUserAgent": false,
"logXForwardedFor": false
}
}
],
"comments": "Specify the level of detail you want to be logged in your Log Delivery Service reports. Log User-Agent Header to obtain detailed information in the Traffic by Browser and OS report.",
"name": "Log delivery",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Control the settings related to monitoring and reporting. This gives you additional visibility into your traffic and audiences.",
"name": "Augment insights",
"options": {},
"criteriaMustSatisfy": "all"
}

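--- a/tf-lab-master/modules/property/property-snippets/Cloudlets.json
+++ b/tf-lab-master/modules/property/property-snippets/Cloudlets.json
@@ -0,0 +1,19 @@
+{
+"behaviors": [
+{
+"name": "requestControl",
+"options": {
+"cloudletPolicy": {
+"id": "${env.cloudlet_policy_id}",
+"name": "${env.user_id}RCPolicy"
+},
+"enableBranded403": false,
+"enabled": true,
+"isSharedPolicy": false
+}
+}
+],
+"name": "Cloudlets",
+"options": {},
+"criteriaMustSatisfy": "all"
+}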

+ 31
- 0
tf-lab-master/modules/property/property-snippets/EdgeWorkers.json

@@ -0,0 +1,31 @@
{
"name": "EdgeWorkers",
"children": [],
"behaviors": [
{
"name": "edgeWorker",
"options": {
"enabled": true,
"edgeWorkerId": "${env.edgeworker_id}",
"mPulse": false,
"createEdgeWorker": "",
"mPulseInformation": "",
"resourceTier": ""
}
}
],
"criteria": [
{
"name": "path",
"options": {
"matchOperator": "MATCHES_ONE_OF",
"matchCaseSensitive": false,
"normalize": false,
"values": ["/"]
}
}
],
"criteriaMustSatisfy": "all",
"comments": ""
}

+ 96
- 0
tf-lab-master/modules/property/property-snippets/Increase_availability.json

@@ -0,0 +1,96 @@
{
"children": [
{
"behaviors": [
{
"name": "breakConnection",
"options": {
"enabled": true
}
}
],
"comments": "Simulate an origin connection problem and test the site failover configuration on the CDN staging network.",
"criteria": [
{
"name": "contentDeliveryNetwork",
"options": {
"matchOperator": "IS",
"network": "STAGING"
}
},
{
"name": "requestHeader",
"options": {
"headerName": "breakconnection",
"matchCaseSensitiveValue": true,
"matchOperator": "IS_ONE_OF",
"matchWildcardName": false,
"matchWildcardValue": false,
"values": [
"Your-Secret-Here"
]
}
}
],
"name": "Simulate failover",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "failAction",
"options": {
"enabled": false
}
}
],
"comments": "Specify how edge servers respond when the origin is not available.",
"criteria": [
{
"name": "originTimeout",
"options": {
"matchOperator": "ORIGIN_TIMED_OUT"
}
}
],
"name": "Site failover",
"options": {},
"criteriaMustSatisfy": "any"
},
{
"behaviors": [
{
"name": "healthDetection",
"options": {
"maximumReconnects": 3,
"retryCount": 3,
"retryInterval": "10s"
}
}
],
"comments": "Monitor the health of your origin by tracking unsuccessful IP connection attempts.",
"name": "Origin health",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "scriptManagement",
"options": {
"enabled": false
}
}
],
"comments": "Enable Script Management to minimize performance and availability impacts from third-party JavaScripts.",
"name": "Script management",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Control how to respond when your origin or third parties are slow or even down to minimize the negative impact on user experience.",
"name": "Increase availability",
"options": {},
"criteriaMustSatisfy": "all"
}
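Review bot: The `breakconnection` header match in "Simulate failover" still carries the template placeholder `"Your-Secret-Here"`, so on the staging network the value that breaks the origin connection is the same well-known string for every lab property. Feed it from a template variable instead, for example `"values": ["${env.break_connection_secret}"]` with a matching `variables` block and a sensitive Terraform variable (that variable name is a suggestion, not something the commit defines). If the lab never exercises failover, setting the `breakConnection` behavior to `"enabled": false` is the simpler option.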

+ 58
- 0
tf-lab-master/modules/property/property-snippets/Minimize_payload.json

@@ -0,0 +1,58 @@
{
"children": [
{
"behaviors": [
{
"name": "gzipResponse",
"options": {
"behavior": "ALWAYS"
}
}
],
"comments": "Serve gzip compressed content for text-based formats.",
"criteria": [
{
"name": "contentType",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"matchWildcard": true,
"values": [
"application/*javascript*",
"application/*json*",
"application/*xml*",
"application/text*",
"application/vnd-ms-fontobject",
"application/vnd.microsoft.icon",
"application/x-font-opentype",
"application/x-font-truetype",
"application/x-font-ttf",
"application/xml*",
"font/eot*",
"font/eot",
"font/opentype",
"font/otf",
"image/svg+xml",
"image/vnd.microsoft.icon",
"image/x-icon",
"text/*",
"application/octet-stream*",
"application/x-font-eot*",
"font/ttf",
"application/font-ttf",
"application/font-sfnt",
"application/x-tgif"
]
}
}
],
"name": "Compressible objects",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Control the settings that reduce the size of the delivered content and decrease the number of bytes sent by your properties. This allows you to cut down the network overhead of your website or API.",
"name": "Minimize payload",
"options": {},
"criteriaMustSatisfy": "all"
}

+ 396
- 0
tf-lab-master/modules/property/property-snippets/Offload_origin.json

@@ -0,0 +1,396 @@
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "NO_STORE"
}
},
{
"name": "tieredDistribution",
"options": {
"enabled": true
}
},
{
"name": "validateEntityTag",
"options": {
"enabled": false
}
},
{
"name": "removeVary",
"options": {
"enabled": false
}
},
{
"name": "cacheError",
"options": {
"enabled": true,
"preserveStale": true,
"ttl": "10s"
}
},
{
"name": "cacheKeyQueryParams",
"options": {
"behavior": "INCLUDE_ALL_ALPHABETIZE_ORDER"
}
},
{
"name": "prefreshCache",
"options": {
"enabled": true,
"prefreshval": 90
}
},
{
"name": "downstreamCache",
"options": {
"allowBehavior": "LESSER",
"behavior": "ALLOW",
"sendHeaders": "CACHE_CONTROL",
"sendPrivate": false
}
}
],
"children": [
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "MAX_AGE",
"mustRevalidate": false,
"ttl": "7d"
}
}
],
"comments": "Override the default caching behavior for CSS and JavaScript",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"css",
"js"
]
}
}
],
"name": "CSS and JavaScript",
"options": {},
"criteriaMustSatisfy": "any"
},
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "MAX_AGE",
"mustRevalidate": false,
"ttl": "30d"
}
}
],
"comments": "Override the default caching behavior for fonts.",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"eot",
"woff",
"woff2",
"otf",
"ttf"
]
}
}
],
"name": "Fonts",
"options": {},
"criteriaMustSatisfy": "any"
},
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "MAX_AGE",
"mustRevalidate": false,
"ttl": "30d"
}
}
],
"comments": "Override the default caching behavior for images.",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"jpg",
"jpeg",
"png",
"gif",
"webp",
"jp2",
"ico",
"svg",
"svgz"
]
}
}
],
"name": "Images",
"options": {},
"criteriaMustSatisfy": "any"
},
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "MAX_AGE",
"mustRevalidate": false,
"ttl": "7d"
}
}
],
"comments": "Override the default caching behavior for files. Files containing Personal Identified Information (PII) should require Edge authentication or not be cached at all.",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"pdf",
"doc",
"docx",
"odt"
]
}
}
],
"name": "Files",
"options": {},
"criteriaMustSatisfy": "any"
},
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "MAX_AGE",
"mustRevalidate": false,
"ttl": "7d"
}
}
],
"comments": "Override the default caching behavior for other static objects.",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"aif",
"aiff",
"au",
"avi",
"bin",
"bmp",
"cab",
"carb",
"cct",
"cdf",
"class",
"dcr",
"dtd",
"exe",
"flv",
"gcf",
"gff",
"grv",
"hdml",
"hqx",
"ini",
"mov",
"mp3",
"nc",
"pct",
"ppc",
"pws",
"swa",
"swf",
"txt",
"vbs",
"w32",
"wav",
"midi",
"wbmp",
"wml",
"wmlc",
"wmls",
"wmlsc",
"xsd",
"zip",
"pict",
"tif",
"tiff",
"mid",
"jxr",
"jar"
]
}
}
],
"name": "Other static objects",
"options": {},
"criteriaMustSatisfy": "any"
},
{
"behaviors": [
{
"name": "caching",
"options": {
"behavior": "NO_STORE"
}
},
{
"name": "cacheKeyQueryParams",
"options": {
"behavior": "IGNORE",
"exactMatch": true,
"parameters": [
"gclid",
"fbclid",
"utm_source",
"utm_campaign",
"utm_medium",
"utm_content"
]
}
}
],
"comments": "Override the default caching behavior for HTML pages cached on edge servers.",
"criteria": [
{
"name": "fileExtension",
"options": {
"matchCaseSensitive": false,
"matchOperator": "IS_ONE_OF",
"values": [
"html",
"htm",
"php",
"jsp",
"aspx",
"EMPTY_STRING"
]
}
}
],
"name": "HTML pages",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "cacheRedirect",
"options": {
"enabled": "false"
}
},
{
"name": "chaseRedirects",
"options": {
"enabled": false
}
}
],
"comments": "Configure caching for HTTP redirects. The redirect is cached for the same TTL as a 200 HTTP response when this feature is enabled.",
"name": "Redirects",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "cachePost",
"options": {
"enabled": false
}
}
],
"comments": "Define when HTTP POST requests should be cached. You should enable it under a criteria match.",
"name": "POST responses",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "graphqlCaching",
"options": {
"enabled": false
}
}
],
"comments": "Define when your GraphQL queries should be cached.",
"criteria": [
{
"name": "path",
"options": {
"matchCaseSensitive": false,
"matchOperator": "MATCHES_ONE_OF",
"normalize": false,
"values": [
"/graphql"
]
}
}
],
"name": "GraphQL",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "downstreamCache",
"options": {
"behavior": "BUST"
}
}
],
"comments": "Configure the default client caching behavior for uncacheable content at the edge.",
"criteria": [
{
"name": "cacheability",
"options": {
"matchOperator": "IS_NOT",
"value": "CACHEABLE"
}
}
],
"name": "Uncacheable objects",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Control the settings related to caching content at the edge and in the browser. As a result, fewer requests go to your origin, fewer bytes leave your data centers, and your assets are closer to your users.",
"name": "Offload origin",
"options": {},
"criteriaMustSatisfy": "all"
}
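Review bot: The extension rules ("CSS and JavaScript", "Fonts", "Images", "Files", "Other static objects") set `"behavior": "MAX_AGE"` on the file extension alone, wherever the path is and whatever cache headers the origin sends. If the origin answers a dynamic or authenticated route whose URL happens to end in one of these extensions, that response is stored at the edge for 7 to 30 days and served to other clients. The "Files" comment already says documents with personal data need edge authentication or no caching, yet the rule caches `pdf`, `doc`, `docx` and `odt` for `7d` unconditionally. Consider adding a `path` criterion for the known static directories to these rules, or honouring the origin's `Cache-Control`.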

+ 162
- 0
tf-lab-master/modules/property/property-snippets/Strengthen_security.json

@@ -0,0 +1,162 @@
{
"children": [
{
"behaviors": [
{
"name": "allHttpInCacheHierarchy",
"options": {
"enabled": true
}
}
],
"children": [
{
"behaviors": [
{
"name": "allowPost",
"options": {
"allowWithoutContentLength": false,
"enabled": true
}
}
],
"comments": "Allow use of the POST HTTP request method.",
"name": "POST",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "allowOptions",
"options": {
"enabled": true
}
}
],
"comments": "Allow use of the OPTIONS HTTP request method.",
"name": "OPTIONS",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "allowPut",
"options": {
"enabled": false
}
}
],
"comments": "Allow use of the PUT HTTP request method.",
"name": "PUT",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "allowDelete",
"options": {
"enabled": false
}
}
],
"comments": "Allow use of the DELETE HTTP request method.",
"name": "DELETE",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "allowPatch",
"options": {
"enabled": false
}
}
],
"comments": "Allow use of the PATCH HTTP request method.",
"name": "PATCH",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Allow the use of HTTP methods. Consider enabling additional methods under a path match for increased origin security.",
"name": "Allowed methods",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "cacheTagVisible",
"options": {
"behavior": "PRAGMA_HEADER"
}
}
],
"comments": "Do not expose back-end information unless the request contains the Pragma debug header.",
"name": "Obfuscate debug info",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "modifyOutgoingResponseHeader",
"options": {
"action": "DELETE",
"customHeaderName": "X-Powered-By",
"standardDeleteHeaderName": "OTHER"
}
},
{
"name": "modifyOutgoingResponseHeader",
"options": {
"action": "DELETE",
"customHeaderName": "Server",
"standardDeleteHeaderName": "OTHER"
}
}
],
"comments": "Do not expose back-end information unless the request contains an additional secret header. Regularly change the criteria to use a specific unique value for the secret header.",
"criteria": [
{
"name": "requestHeader",
"options": {
"headerName": "X-Akamai-Debug",
"matchCaseSensitiveValue": true,
"matchOperator": "IS_NOT_ONE_OF",
"matchWildcardName": false,
"matchWildcardValue": false,
"values": [
"true"
]
}
}
],
"name": "Obfuscate backend info",
"options": {},
"criteriaMustSatisfy": "all"
},
{
"behaviors": [
{
"name": "httpStrictTransportSecurity",
"options": {
"enable": false
}
}
],
"comments": "Require all browsers to connect to your site using HTTPS.",
"name": "HSTS",
"options": {},
"criteriaMustSatisfy": "all"
}
],
"comments": "Control the settings that minimize the information your website shares with clients and malicious entities to reduce your exposure to threats.",
"name": "Strengthen security",
"options": {},
"criteriaMustSatisfy": "all"
}
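Review bot: "Obfuscate backend info" strips `Server` and `X-Powered-By` unless the request carries `X-Akamai-Debug: true`, and `true` is not a secret; the rule's own comment asks for a specific unique value that is changed regularly. Supply the value through a template variable backed by a sensitive Terraform variable rather than a literal in the snippet. The "HSTS" rule ships with `"enable": false`; when `is_secure` is true for the property, enabling it, or stating in `comments` why it stays off for the lab, would match the section's purpose.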

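--- a/tf-lab-master/modules/property/property-snippets/main.json
+++ b/tf-lab-master/modules/property/property-snippets/main.json
@@ -0,0 +1,40 @@
+{
+"rules": {
+"name": "default",
+"behaviors": [
+{
+"name": "origin",
+"options": {
+"cacheKeyHostname": "REQUEST_HOST_HEADER",
+"compress": true,
+"enableTrueClientIp": true,
+"forwardHostHeader": "REQUEST_HOST_HEADER",
+"httpPort": 80,
+"httpsPort": 443,
+"originCertificate": "",
+"originSni": true,
+"originType": "CUSTOMER",
+"ports": "",
+"trueClientIpClientSetting": false,
+"hostname": "juiceshop${env.user_id}.akaorigin.com",
+"trueClientIpHeader": "True-Client-IP",
+"verificationMode": "PLATFORM_SETTINGS"
+}
+}
+],
+"children": [
+"#include:Augment_insights.json",
+"#include:Accelerate_delivery.json",
+"#include:Offload_origin.json",
+"#include:Strengthen_security.json",
+"#include:Increase_availability.json",
+"#include:Minimize_payload.json",
+"#include:Cloudlets.json",
+"#include:EdgeWorkers.json"
+],
+"comments": "The Default Rule template contains all the necessary and recommended behaviors. Rules are evaluated from top to bottom and the last matching rule wins.",
+"options": {
+"is_secure": "${env.secure}"
+}
+}
+}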

+ 62
- 0
tf-lab-master/modules/property/property.tf

@@ -0,0 +1,62 @@
data "akamai_property_rules_template" "rules-template" {
template_file = abspath("${path.root}/modules/property/property-snippets/main.json")
variables {
name = "secure"
value = "${var.secure}"
type = "bool"
}
variables {
name = "cp_code_id"
value = "${var.cp_code_id}"
type = "number"
}

variables {
name = "user_id"
value = "${var.user_id}"
type = "string"
}

variables {
name = "cloudlet_policy_id"
value = "${var.cloudlet_policy_id}"
type = "number"
}

variables {
name = "edgeworker_id"
value = "${var.edgeworker_id}"
type = "string"
}
}

resource "akamai_property" "lab_property" {
name = "${var.user_id}-tflab"
product_id = "prd_${var.product_id}"
contract_id = "ctr_${var.contract_id}"
group_id = "grp_${var.group_id}"
hostnames {
cname_from = "${var.user_id}tflab.akaudevops.com"
cname_to = var.edge_hostname
cert_provisioning_type = "CPS_MANAGED"
}
rule_format = var.rule_format
rules = data.akamai_property_rules_template.rules-template.json
}

output "property_id" {
value = "${akamai_property.lab_property.id}"
}
output "property_version" {
value = "${akamai_property.lab_property.latest_version}"
}

resource "akamai_property_activation" "activation_staging" {
property_id = "${akamai_property.lab_property.id}"
version = "${akamai_property.lab_property.latest_version}"
network = "${var.network}"
contact = ["${var.email}"]
note = "Terraform property creation lab"
auto_acknowledge_rule_warnings = true
}
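Review bot: `auto_acknowledge_rule_warnings = true` activates the property even when rule validation returns warnings, and although the resource is named `activation_staging`, `network = "${var.network}"` accepts any value, so the same block would push to production with warnings suppressed. Either fix the network to staging here or make the acknowledgement conditional, e.g. `auto_acknowledge_rule_warnings = upper(var.network) == "STAGING"`. `template_file` is built from `path.root`, which only works while the root module sits exactly above `modules/property`; `"${path.module}/property-snippets/main.json"` removes that assumption.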

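--- a/tf-lab-master/modules/property/provider.tf
+++ b/tf-lab-master/modules/property/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+akamai = {
+source = "akamai/akamai"
+version = "~> 5.1.0"
+}
+}
+}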

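--- a/tf-lab-master/modules/property/variables.tf
+++ b/tf-lab-master/modules/property/variables.tf
@@ -0,0 +1,57 @@
+variable "contract_id" {
+type = string
+description = "Contract ID for property/config creation"
+}
+
+variable "group_id" {
+type = string
+description = "Group ID for property/config creation"
+}
+
+variable "product_id" {
+type = string
+description = "Property Manager product"
+}
+
+variable "user_id"{
+type = string
+description = "unique ID for each lab user"
+}
+
+variable "rule_format" {
+type = string
+description = "Property rule format"
+}
+
+variable "secure" {
+type = bool
+description = "Switch between enhanced and standard TLS"
+}
+
+variable "email" {
+type = string
+description = "Email address used for activations"
+}
+
+variable "cp_code_id" {
+type = number
+description = "CP Code for reporting"
+}
+
+variable "edge_hostname" {
+type = string
+description = "Edge hostname for property"
+}
+
+variable "network" {
+type = string
+description = "Akamai network for activation"
+}
+
+variable "cloudlet_policy_id" {
+type = number
+}
+
+variable "edgeworker_id" {
+type = string
+}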
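Review bot: `user_id` is accepted as any string, but property.tf interpolates it into a hostname (`"${var.user_id}tflab.akaudevops.com"`) and into the property name, so a value with dots, slashes, upper case or spaces produces a hostname nobody intended or an apply that fails late. A `validation` block that restricts it to a short DNS-label alphabet would catch that at plan time, as sketched below. `cloudlet_policy_id` and `edgeworker_id` are the only two variables in this file without a `description`; something like `description = "Cloudlet policy ID referenced by the Cloudlets rule snippet"` would bring them in line with the rest.

```hcl
variable "user_id" {
  type        = string
  description = "unique ID for each lab user"

  # user_id becomes part of a hostname label and of the property name
  validation {
    condition     = can(regex("^[a-z0-9][a-z0-9-]*$", var.user_id)) && length(var.user_id) <= 58
    error_message = "user_id must be lowercase letters, digits or hyphens, start with a letter or digit, and be at most 58 characters."
  }
}
```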

+ 31
- 0
tf-lab-master/modules/security/advanced-settings.tf View File

@@ -0,0 +1,31 @@
resource "akamai_botman_client_side_security" "client_side_security" {
config_id = akamai_appsec_configuration.config.config_id
client_side_security = jsonencode(
{
"useAllSecureTraffic" : false,
"useSameSiteCookies" : false,
"useStrictCspCompatibility" : false
}
)
}

resource "akamai_botman_transactional_endpoint_protection" "transactional_endpoint_protection" {
config_id = akamai_appsec_configuration.config.config_id
transactional_endpoint_protection = jsonencode(
{
"inlineTelemetry" : {
"aggressiveThreshold" : 90,
"detectionSetType" : "BOT_SCORE",
"safeguardAction" : "USE_STRICT_ACTION",
"strictThreshold" : 50
},
"standardTelemetry" : {
"aggressiveThreshold" : 90,
"detectionSetType" : "BOT_SCORE",
"safeguardAction" : "USE_STRICT_ACTION",
"strictThreshold" : 50
}
}
)
}


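--- a/tf-lab-master/modules/security/advanced.tf
+++ b/tf-lab-master/modules/security/advanced.tf
@@ -0,0 +1,67 @@
+// Global Advanced
+resource "akamai_appsec_advanced_settings_logging" "logging" {
+config_id = akamai_appsec_configuration.config.config_id
+logging = jsonencode(
+{
+"allowSampling" : true,
+"cookies" : {
+"type" : "all"
+},
+"customHeaders" : {
+"type" : "all"
+},
+"standardHeaders" : {
+"type" : "all"
+}
+}
+)
+}
+
+resource "akamai_appsec_advanced_settings_prefetch" "prefetch" {
+config_id = akamai_appsec_configuration.config.config_id
+enable_app_layer = true
+all_extensions = false
+enable_rate_controls = false
+extensions = ["cgi", "jsp", "aspx", "EMPTY_STRING", "php", "py", "asp"]
+}
+
+resource "akamai_appsec_advanced_settings_pragma_header" "pragma_header" {
+config_id = akamai_appsec_configuration.config.config_id
+pragma_header = jsonencode(
+{
+"action" : "REMOVE"
+}
+)
+}
+
+resource "akamai_appsec_advanced_settings_evasive_path_match" "evasive_path_match" {
+config_id = akamai_appsec_configuration.config.config_id
+enable_path_match = true
+}
+
+resource "akamai_appsec_advanced_settings_attack_payload_logging" "attack_payload_logging" {
+config_id = akamai_appsec_configuration.config.config_id
+attack_payload_logging = jsonencode(
+{
+"enabled" : true,
+"requestBody" : {
+"type" : "ATTACK_PAYLOAD"
+},
+"responseBody" : {
+"type" : "ATTACK_PAYLOAD"
+}
+}
+)
+}
+
+resource "akamai_appsec_advanced_settings_request_body" "config_settings" {
+config_id = akamai_appsec_configuration.config.config_id
+request_body_inspection_limit = "default"
+}
+
+// Evasive Path Match
+resource "akamai_appsec_advanced_settings_evasive_path_match" "pathmatch" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+enable_path_match = true
+}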
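Review bot: The `logging` resource at the top of this file records every cookie, custom header and standard header (`"type" : "all"` on all three), which puts session cookies and `Authorization` values into the security event log and into whatever SIEM consumes it. `attack_payload_logging` further down additionally stores request and response body fragments. I would exclude the credential-bearing names instead of logging everything, for example `"cookies" : { "type" : "exclude", "values" : ["<session-cookie-name>"] }`; the exclude form is from memory and should be confirmed against the provider documentation for the pinned version. The two `akamai_appsec_advanced_settings_evasive_path_match` resources differ only by `security_policy_id`, so a one-line comment on each saying which is the configuration-wide setting and which is the policy override would help.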

+ 354
- 0
tf-lab-master/modules/security/bot-directory-actions.tf View File

@@ -0,0 +1,354 @@
resource "akamai_botman_akamai_bot_category_action" "site_monitoring_and_web_development_bots_07782c03-8d21-4491-9078-b83514e6508f" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "07782c03-8d21-4491-9078-b83514e6508f"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "academic_or_research_bots_0c508e1d-73a4-4366-9e48-3c4a080f1c5d" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "0c508e1d-73a4-4366-9e48-3c4a080f1c5d"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "job_search_engine_bots_2f169206-f32c-48f7-b281-d534cf1ceeb3" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "2f169206-f32c-48f7-b281-d534cf1ceeb3"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "online_advertising_bots_36b27e0c-76fc-44a4-b913-c598c5af8bba" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "36b27e0c-76fc-44a4-b913-c598c5af8bba"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "ecommerce_search_engine_bots_47bcfb70-f3f5-458b-8f7c-1773b14bc6a4" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "47bcfb70-f3f5-458b-8f7c-1773b14bc6a4"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "web_search_engine_bots_4e14219f-6568-4c9d-9bd8-b29ca2afc422" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "4e14219f-6568-4c9d-9bd8-b29ca2afc422"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "enterprise_data_aggregator_bots_50395ad2-2673-41a4-b317-9b70742fd40f" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "50395ad2-2673-41a4-b317-9b70742fd40f"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "financial_services_bots_53598904-21f5-46b1-8b51-1b991beef73b" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "53598904-21f5-46b1-8b51-1b991beef73b"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "social_media_or_blog_bots_7035af8d-148c-429a-89da-de41e68c72d8" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "7035af8d-148c-429a-89da-de41e68c72d8"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "automated_shopping_cart_and_sniper_bots_75493431-b41a-492c-8324-f12158783ce1" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "75493431-b41a-492c-8324-f12158783ce1"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "web_archiver_bots_831ef84a-c2bb-4b0d-b90d-bcd16793b830" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "831ef84a-c2bb-4b0d-b90d-bcd16793b830"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "business_intelligence_bots_8a70d29c-a491-4583-9768-7deea2f379c1" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "8a70d29c-a491-4583-9768-7deea2f379c1"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "news_aggregator_bots_ade03247-6519-4591-8458-9b7347004b63" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "ade03247-6519-4591-8458-9b7347004b63"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "rss_feed_reader_bots_b58c9929-9fd0-45f7-86f4-1d6259285c3c" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "b58c9929-9fd0-45f7-86f4-1d6259285c3c"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "financial_account_aggregator_bots_c6692e03-d3a8-49b0-9566-5003eeaddbc1" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "c6692e03-d3a8-49b0-9566-5003eeaddbc1"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "media_or_entertainment_search_bots_dff258d5-b1ad-4bbb-b1d1-cf8e700e5bba" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "dff258d5-b1ad-4bbb-b1d1-cf8e700e5bba"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_akamai_bot_category_action" "seo_analytics_or_marketing_bots_f7558c03-9033-46ce-bbda-10eeda62a5d4" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
category_id = "f7558c03-9033-46ce-bbda-10eeda62a5d4"
akamai_bot_category_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "declared_bots_keyword_match_074df68e-fb28-432a-ac6d-7cfb958425f1" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "074df68e-fb28-432a-ac6d-7cfb958425f1"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "session_validation_1bb748e2-b3ad-41db-85fa-c69e62be59dc" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "1bb748e2-b3ad-41db-85fa-c69e62be59dc"
bot_detection_action = jsonencode(
{
"action" : "monitor",
"sessionActivitySensitivity" : "MEDIUM"
}
)
}

resource "akamai_botman_bot_detection_action" "javascript_fingerprint_anomaly_393cba3d-656f-48f1-abe4-8dd5028c6871" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "393cba3d-656f-48f1-abe4-8dd5028c6871"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "cookie_integrity_failed_4f1fd3ea-7072-4cd0-8d12-24f275e6c75d" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "4f1fd3ea-7072-4cd0-8d12-24f275e6c75d"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "http_libraries_578dad32-024b-48b4-930c-db81831686f4" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "578dad32-024b-48b4-930c-db81831686f4"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "aggressive_web_crawlers_5bc041ad-c840-4202-9c2e-d7fc873dbeaf" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "5bc041ad-c840-4202-9c2e-d7fc873dbeaf"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "open_source_crawlersscraping_platforms_601192ae-f5e2-4a29-8f75-a0bcd3584c2b" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "601192ae-f5e2-4a29-8f75-a0bcd3584c2b"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "web_services_libraries_872ed6c2-514c-4055-9c44-9782b1c783bf" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "872ed6c2-514c-4055-9c44-9782b1c783bf"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "web_scraper_reputation_9712ab32-83bb-43ab-a46d-4c2a5a42e7e2" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "9712ab32-83bb-43ab-a46d-4c2a5a42e7e2"
bot_detection_action = jsonencode(
{
"action" : "monitor",
"webScraperReputationSensitivity" : 4
}
)
}

resource "akamai_botman_bot_detection_action" "browser_impersonator_a3b92f75-fa5d-436e-b066-426fc2919968" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "a3b92f75-fa5d-436e-b066-426fc2919968"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "headless_browsersautomation_tools_b88cba13-4d11-46fe-a7e0-b47e78892dc4" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "b88cba13-4d11-46fe-a7e0-b47e78892dc4"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "client_disabled_javascript_noscript_triggered_c5623efa-f326-41d1-9601-a2d201bedf63" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "c5623efa-f326-41d1-9601-a2d201bedf63"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "javascript_fingerprint_not_received_c7f70f75-e3e2-4181-8ef8-30afb6576147" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "c7f70f75-e3e2-4181-8ef8-30afb6576147"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "development_frameworks_da005ad3-8bbb-43c8-a783-d97d1fb71ad2" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "da005ad3-8bbb-43c8-a783-d97d1fb71ad2"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}

resource "akamai_botman_bot_detection_action" "impersonators_of_known_bots_fda1ffb9-ef46-4570-929c-7449c0c750f8" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
detection_id = "fda1ffb9-ef46-4570-929c-7449c0c750f8"
bot_detection_action = jsonencode(
{
"action" : "monitor"
}
)
}
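Review bot: Every category and detection in this file is set to `"action" : "monitor"`, including `impersonators_of_known_bots` and `browser_impersonator`, so bot management records traffic here but never mitigates it. The same detect-only setting repeats in penalty-box.tf (`penalty_box_action = "alert"`), rate-policy-actions.tf, reputation.tf, slow-post.tf and the attack groups visible at the start of waf.tf, leaving the `blockme` custom rule and the geo firewall as the only enforcing controls visible in this module. If that is the intended lab baseline, say so in a header comment such as `// Lab baseline: detect-only; review each action before reusing outside the lab` so the module is not copied into production unchanged. Almost all resources here differ only in name and id, and a `for_each` over a map of name to id would make the two that carry extra sensitivity settings stand out.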


+ 61
- 0
tf-lab-master/modules/security/custom-rules.tf View File

@@ -0,0 +1,61 @@
resource "akamai_appsec_custom_rule" "blockme_header_rule" {
config_id = akamai_appsec_configuration.config.config_id
custom_rule = jsonencode(
{
"conditions" : [
{
"positiveMatch" : true,
"type" : "requestMethodMatch",
"value" : [
"GET"
]
},
{
"positiveMatch" : true,
"type" : "pathMatch",
"value" : [
"/*"
],
"valueCase" : false,
"valueIgnoreSegment" : true,
"valueNormalize" : true,
"valueWildcard" : true
},
{
"name" : [
"blockme",
"Blockme",
"blockMe",
"BlockMe"
],
"nameWildcard" : true,
"positiveMatch" : true,
"type" : "requestHeaderMatch",
"value" : [
"1",
"yes",
"true"
],
"valueCase" : false,
"valueWildcard" : true
}
],
"name" : "blockme header",
"operation" : "AND",
"tag" : [
"tflab"
]
}
)
}

output "custom_rule_id" {
value = akamai_appsec_custom_rule.blockme_header_rule.custom_rule_id
}

resource "akamai_appsec_custom_rule_action" "custom_rule_action" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
custom_rule_id = akamai_appsec_custom_rule.blockme_header_rule.custom_rule_id
custom_rule_action = "deny"
}

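--- a/tf-lab-master/modules/security/firewall.tf
+++ b/tf-lab-master/modules/security/firewall.tf
@@ -0,0 +1,8 @@
+// IP/GEO Firewall
+resource "akamai_appsec_ip_geo" "ip_geo_firewall" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+mode = "block"
+ukraine_geo_control_action = "none"
+geo_network_lists = [var.geo_block_network_list_id]
+}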

+ 11
- 0
tf-lab-master/modules/security/javascript-injection.tf View File

@@ -0,0 +1,11 @@
resource "akamai_botman_javascript_injection" "jsinjection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
javascript_injection = jsonencode(
{
"injectJavaScript" : "AROUND_PROTECTED_OPERATIONS",
"rules" : []
}
)
}


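--- a/tf-lab-master/modules/security/match-targets.tf
+++ b/tf-lab-master/modules/security/match-targets.tf
@@ -0,0 +1,23 @@
+resource "akamai_appsec_match_target" "website_match_target" {
+config_id = akamai_appsec_configuration.config.config_id
+match_target = jsonencode(
+{
+"defaultFile" : "NO_MATCH",
+"filePaths" : [
+"/*"
+],
+"hostnames" : "${var.host_names}",
+"isNegativeFileExtensionMatch" : false,
+"isNegativePathMatch" : false,
+"securityPolicy" : {
+"policyId" : akamai_appsec_security_policy.security_policy.security_policy_id
+},
+"sequence" : 0,
+"type" : "website"
+}
+)
+}
+
+output "match_target_id" {
+value = akamai_appsec_match_target.website_match_target.match_target_id
+}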
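Review bot: `"hostnames" : "${var.host_names}"` wraps a `list(string)` in a string template, which reads as if a single string were being sent. It only yields a JSON array because Terraform returns the underlying value when a template consists of one interpolation. Write `"hostnames" : var.host_names`, the form security-configuration.tf and selected-hostnames.tf already use for the same variable. Since this match target decides which hostnames the policy protects, a short comment noting that it must stay in step with `akamai_appsec_selected_hostnames.hostnames` would also be worth adding.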

+ 8
- 0
tf-lab-master/modules/security/penalty-box.tf View File

@@ -0,0 +1,8 @@
// Penalty Box
resource "akamai_appsec_penalty_box" "penalybox" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
penalty_box_protection = true
penalty_box_action = "alert"
}


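--- a/tf-lab-master/modules/security/policies.tf
+++ b/tf-lab-master/modules/security/policies.tf
@@ -0,0 +1,9 @@
+resource "akamai_appsec_security_policy" "security_policy" {
+config_id = akamai_appsec_configuration.config.config_id
+default_settings = true
+security_policy_name = var.security_policy_name
+security_policy_prefix = var.security_policy_prefix
+}
+output "security_policy_id" {
+value = akamai_appsec_security_policy.security_policy.security_policy_id
+}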

+ 57
- 0
tf-lab-master/modules/security/protections.tf View File

@@ -0,0 +1,57 @@
// Enable/Disable Protections for policy
resource "akamai_appsec_waf_protection" "waf_protection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_appsec_api_constraints_protection" "api_request_constraints" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_appsec_ip_geo_protection" "ip_geo_protection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_appsec_malware_protection" "malware_protection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_appsec_rate_protection" "rate_protection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_appsec_reputation_protection" "reputation_protection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_appsec_slowpost_protection" "slowpost_protection" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
enabled = true
}

resource "akamai_botman_bot_management_settings" "bot_management" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
bot_management_settings = jsonencode(
{
"addAkamaiBotHeader" : false,
"enableActiveDetections" : true,
"enableBotManagement" : true,
"enableBrowserValidation" : false,
"removeBotManagementCookies" : false,
"thirdPartyProxyServiceInUse" : false
}
)
}

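--- a/tf-lab-master/modules/security/provider.tf
+++ b/tf-lab-master/modules/security/provider.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+akamai = {
+source = "akamai/akamai"
+version = "~> 5.1.0"
+}
+}
+}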

+ 190
- 0
tf-lab-master/modules/security/rate-policies.tf View File

@@ -0,0 +1,190 @@
resource "akamai_appsec_rate_policy" "post_page_requests" {
config_id = akamai_appsec_configuration.config.config_id
rate_policy = jsonencode(
{
"additionalMatchOptions" : [
{
"positiveMatch" : true,
"type" : "RequestMethodCondition",
"values" : [
"POST"
]
}
],
"averageThreshold" : 3,
"burstThreshold" : 5,
"clientIdentifier" : "ip",
"description" : "Mitigating HTTP flood attacks using POST requests",
"matchType" : "path",
"name" : "POST Page Requests",
"pathMatchType" : "Custom",
"pathUriPositiveMatch" : true,
"requestType" : "ClientRequest",
"sameActionOnIpv6" : true,
"type" : "WAF",
"useXForwardForHeaders" : false
}
)
}

resource "akamai_appsec_rate_policy" "origin_error" {
config_id = akamai_appsec_configuration.config.config_id
rate_policy = jsonencode(
{
"additionalMatchOptions" : [
{
"positiveMatch" : true,
"type" : "ResponseStatusCondition",
"values" : [
"400",
"401",
"402",
"403",
"404",
"405",
"406",
"407",
"408",
"409",
"410",
"500",
"501",
"502",
"503",
"504"
]
}
],
"averageThreshold" : 5,
"burstThreshold" : 8,
"clientIdentifier" : "ip",
"description" : "An excessive error rate from the origin could indicate malicious activity by a bot scanning the site or a publishing error. In both cases, this would increase the origin traffic and could potentially destabilize it.",
"matchType" : "path",
"name" : "Origin Error",
"pathMatchType" : "Custom",
"pathUriPositiveMatch" : true,
"requestType" : "ForwardResponse",
"sameActionOnIpv6" : true,
"type" : "WAF",
"useXForwardForHeaders" : false
}
)
}

resource "akamai_appsec_rate_policy" "page_view_requests" {
config_id = akamai_appsec_configuration.config.config_id
rate_policy = jsonencode(
{
"additionalMatchOptions" : [
{
"positiveMatch" : false,
"type" : "RequestMethodCondition",
"values" : [
"POST"
]
}
],
"averageThreshold" : 12,
"burstThreshold" : 18,
"clientIdentifier" : "ip",
"description" : "A popular brute force attack that consists of sending a large number of requests for base page, HTML page or XHR requests (usually non-cacheable). This could destabilize the origin.",
"fileExtensions" : {
"positiveMatch" : false,
"values" : [
"aif",
"aiff",
"au",
"avi",
"bin",
"bmp",
"cab",
"carb",
"cct",
"cdf",
"class",
"css",
"csv",
"dcr",
"doc",
"docx",
"dtd",
"ejs",
"ejss",
"eot",
"eps",
"exe",
"flv",
"gcf",
"gff",
"gif",
"grv",
"hdml",
"hdp",
"hqx",
"ico",
"ini",
"jar",
"jp2",
"jpeg",
"jpg",
"js",
"jxr",
"mid",
"midi",
"mov",
"mp3",
"mp4",
"nc",
"ogv",
"otc",
"otf",
"pct",
"pdf",
"pict",
"pls",
"png",
"ppc",
"ppt",
"pptx",
"ps",
"pws",
"svg",
"svgz",
"swa",
"swf",
"tif",
"tiff",
"ttc",
"ttf",
"txt",
"vbs",
"w32",
"wav",
"wbmp",
"wdp",
"webm",
"webp",
"wml",
"wmlc",
"wmls",
"wmlsc",
"woff",
"woff2",
"xls",
"xlsx",
"xsd",
"zip"
]
},
"matchType" : "path",
"name" : "Page View Requests",
"pathMatchType" : "Custom",
"pathUriPositiveMatch" : true,
"requestType" : "ClientRequest",
"sameActionOnIpv6" : true,
"type" : "WAF",
"useXForwardForHeaders" : false
}
)
}


+ 24
- 0
tf-lab-master/modules/security/rate-policy-actions.tf View File

@@ -0,0 +1,24 @@
// Rate Policy Actions
resource "akamai_appsec_rate_policy_action" "post_page_requests" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
rate_policy_id = akamai_appsec_rate_policy.post_page_requests.rate_policy_id
ipv4_action = "alert"
ipv6_action = "alert"
}

resource "akamai_appsec_rate_policy_action" "origin_error" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
rate_policy_id = akamai_appsec_rate_policy.origin_error.rate_policy_id
ipv4_action = "alert"
ipv6_action = "alert"
}

resource "akamai_appsec_rate_policy_action" "page_view_requests" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
rate_policy_id = akamai_appsec_rate_policy.page_view_requests.rate_policy_id
ipv4_action = "alert"
ipv6_action = "alert"
}

+ 96
- 0
tf-lab-master/modules/security/reputation-profiles.tf View File

@@ -0,0 +1,96 @@
resource "akamai_appsec_reputation_profile" "web_attackers_high_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "WEBATCK",
"name" : "Web Attackers (High Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 9
}
)
}

resource "akamai_appsec_reputation_profile" "dos_attackers_high_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "DOSATCK",
"name" : "DoS Attackers (High Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 9
}
)
}

resource "akamai_appsec_reputation_profile" "scanning_tools_high_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "SCANTL",
"name" : "Scanning Tools (High Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 9
}
)
}

resource "akamai_appsec_reputation_profile" "web_attackers_low_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "WEBATCK",
"name" : "Web Attackers (Low Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 5
}
)
}

resource "akamai_appsec_reputation_profile" "dos_attackers_low_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "DOSATCK",
"name" : "DoS Attackers (Low Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 5
}
)
}

resource "akamai_appsec_reputation_profile" "scanning_tools_low_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "SCANTL",
"name" : "Scanning Tools (Low Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 5
}
)
}

resource "akamai_appsec_reputation_profile" "web_scrapers_low_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "WEBSCRP",
"name" : "Web Scrapers (Low Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 5
}
)
}

resource "akamai_appsec_reputation_profile" "web_scrapers_high_threat" {
config_id = akamai_appsec_configuration.config.config_id
reputation_profile = jsonencode(
{
"context" : "WEBSCRP",
"name" : "Web Scrapers (High Threat)",
"sharedIpHandling" : "NON_SHARED",
"threshold" : 9
}
)
}


+ 49
- 0
tf-lab-master/modules/security/reputation.tf View File

@@ -0,0 +1,49 @@
// Client Reputation Actions
resource "akamai_appsec_reputation_profile_action" "reputation_5426433" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.web_attackers_high_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426435" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.dos_attackers_high_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426437" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.scanning_tools_high_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426439" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.web_attackers_low_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426441" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.dos_attackers_low_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426443" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.scanning_tools_low_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426445" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.web_scrapers_low_threat.reputation_profile_id
action = "alert"
}
resource "akamai_appsec_reputation_profile_action" "reputation_5426447" {
config_id = akamai_appsec_configuration.config.config_id
security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
reputation_profile_id = akamai_appsec_reputation_profile.web_scrapers_high_threat.reputation_profile_id
action = "alert"
}

+ 9
- 0
tf-lab-master/modules/security/response-actions.tf View File

@@ -0,0 +1,9 @@
resource "akamai_botman_challenge_interception_rules" "challenge_interception_rules" {
config_id = akamai_appsec_configuration.config.config_id
challenge_interception_rules = jsonencode(
{
"interceptAllRequests" : false
}
)
}


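--- a/tf-lab-master/modules/security/security-configuration.tf
+++ b/tf-lab-master/modules/security/security-configuration.tf
@@ -0,0 +1,29 @@
+resource "akamai_appsec_configuration" "config" {
+name = "${var.user_id}-tflab"
+description = "Security config for TF lab"
+contract_id = var.contract_id
+group_id = var.group_id
+host_names = var.host_names
+}
+
+output "security_config_id" {
+value = akamai_appsec_configuration.config.config_id
+}
+
+data "akamai_appsec_configuration" "security_configuration" {
+name = "${var.user_id}-tflab"
+depends_on = [akamai_appsec_configuration.config]
+}
+
+output "security_configuration_staging_version" {
+value = data.akamai_appsec_configuration.security_configuration.staging_version
+}
+
+resource "akamai_appsec_activations" "appsecactivation" {
+config_id = akamai_appsec_configuration.config.config_id
+network = var.network
+note = "Terraform activation"
+notification_emails = [var.email]
+version = data.akamai_appsec_configuration.security_configuration.latest_version
+depends_on = [ akamai_appsec_match_target.website_match_target ]
+}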
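Review bot: `appsecactivation` depends only on `akamai_appsec_match_target.website_match_target`, so nothing orders it after the protections, rate policy actions, reputation actions, WAF mode or custom rule action defined in the other files of this module. Terraform may therefore activate a version before those settings are written, and the activated configuration would then lack controls the code appears to enable. The `version` argument also comes from a data source that depends only on the configuration resource. I would list the policy-level resources in `depends_on` as below, or move activation into a separate apply step.

```hcl
resource "akamai_appsec_activations" "appsecactivation" {
  # … unchanged: config_id, network, note, notification_emails, version …
  depends_on = [
    akamai_appsec_match_target.website_match_target,
    akamai_appsec_custom_rule_action.custom_rule_action,
    akamai_appsec_ip_geo.ip_geo_firewall,
    akamai_appsec_penalty_box.penalybox,
    akamai_appsec_rate_policy_action.post_page_requests,
    akamai_appsec_rate_policy_action.origin_error,
    akamai_appsec_rate_policy_action.page_view_requests,
    akamai_appsec_slow_post.slow_post,
    akamai_appsec_waf_mode.waf_mode,
    # … remaining protection, reputation, attack-group and botman resources …
  ]
}
```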

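--- a/tf-lab-master/modules/security/selected-hostnames.tf
+++ b/tf-lab-master/modules/security/selected-hostnames.tf
@@ -0,0 +1,5 @@
+resource "akamai_appsec_selected_hostnames" "hostnames" {
+config_id = akamai_appsec_configuration.config.config_id
+hostnames = var.host_names
+mode = "REPLACE"
+}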

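--- a/tf-lab-master/modules/security/slow-post.tf
+++ b/tf-lab-master/modules/security/slow-post.tf
@@ -0,0 +1,9 @@
+// Slow Post Protection
+resource "akamai_appsec_slow_post" "slow_post" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+slow_rate_action = "alert"
+slow_rate_threshold_rate = 10
+slow_rate_threshold_period = 60
+}
+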
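Review bot: `slow_rate_action = "alert"` means slow POST requests are only logged, and the same is true of all nine `attack_group_action = "alert"` settings in waf.tf and the reputation profile actions earlier in the commit, so the activated policy detects but never blocks. If that is the intended lab default, it should be stated where the value is set, for example `// Lab default: alert only; switch to "abort" after reviewing staging traffic`. Driving the action from a module variable would also stop a copy of this lab from going to production in detect-only mode unnoticed.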

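--- a/tf-lab-master/modules/security/variables.tf
+++ b/tf-lab-master/modules/security/variables.tf
@@ -0,0 +1,35 @@
+variable "contract_id" {
+type = string
+}
+
+variable "group_id" {
+type = string
+}
+
+variable "user_id" {
+type = string
+}
+
+variable "security_policy_prefix" {
+type = number
+}
+
+variable "security_policy_name" {
+type = string
+}
+
+variable "email" {
+type = string
+}
+
+variable "network" {
+type = string
+}
+
+variable "host_names" {
+type = list(string)
+}
+
+variable "geo_block_network_list_id" {
+type = string
+}
+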
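Review bot: `security_policy_prefix` is declared as `number` in this module, while the root variables.tf declares it as `string` and terraform.tfvars passes an unquoted `0410`. A numeric round trip presumably drops the leading zero, and as far as I know the policy prefix is expected to be exactly four characters, so the value that reaches the security policy may not be the one written. Declaring it `type = string` here and quoting it in terraform.tfvars as `security_policy_prefix = "0410"` keeps the three files consistent. None of the variables in this file carries a `description`, which the root file does provide for most of its own.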

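--- a/tf-lab-master/modules/security/waf.tf
+++ b/tf-lab-master/modules/security/waf.tf
@@ -0,0 +1,71 @@
+resource "akamai_appsec_waf_mode" "waf_mode" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+mode = "ASE_AUTO"
+}
+
+
+// WAF Attack Group Actions
+resource "akamai_appsec_attack_group" "attack_group_POLICY" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "POLICY"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_WAT" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "WAT"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_PROTOCOL" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "PROTOCOL"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_SQL" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "SQL"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_XSS" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "XSS"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_CMD" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "CMD"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_LFI" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "LFI"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_RFI" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "RFI"
+attack_group_action = "alert"
+}
+
+resource "akamai_appsec_attack_group" "attack_group_PLATFORM" {
+config_id = akamai_appsec_configuration.config.config_id
+security_policy_id = akamai_appsec_security_policy.security_policy.security_policy_id
+attack_group = "PLATFORM"
+attack_group_action = "alert"
+}
+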

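--- a/tf-lab-master/provider.tf
+++ b/tf-lab-master/provider.tf
@@ -0,0 +1,14 @@
+terraform {
+required_providers {
+akamai = {
+source = "akamai/akamai"
+version = "~> 5.1.0"
+}
+}
+}
+
+
+provider "akamai" {
+edgerc = "~/.edgerc"
+config_section = var.section
+}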

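--- a/tf-lab-master/terraform.tfvars
+++ b/tf-lab-master/terraform.tfvars
@@ -0,0 +1,15 @@
+contract_id = "W-KXID8R"
+group_id = "240886"
+user_id = "<User ID>master"
+secure = true
+email = "<Your Email>"
+geo_block_list = ["NZ"]
+section = "default"
+rule_format = "latest"
+product_id = "SPM"
+cp_code_id = 1523912
+edge_hostname = "akaudevops.com.edgekey.net"
+network = "STAGING"
+security_policy_name = "<User ID>masterJS"
+security_policy_prefix = 0410
+host_names = ["<User ID>mastertflab.akaudevops.com"]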
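Review bot: This terraform.tfvars is committed with what look like real contract, group and CP code identifiers and an edge hostname, next to `<User ID>` and `<Your Email>` placeholders that each user must edit. Editing a tracked file makes it easy for personal values to be committed back, and the account identifiers end up in every clone. Shipping the template as `terraform.tfvars.example` with placeholders for the account identifiers as well, and adding `terraform.tfvars` to `.gitignore`, avoids both. `rule_format = "latest"` also means the property rules are evaluated against whatever format is current at apply time, so a dated rule format would make runs reproducible.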

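--- a/tf-lab-master/variables.tf
+++ b/tf-lab-master/variables.tf
@@ -0,0 +1,119 @@
+variable "section" {
+type = string
+description = "Section in EdgeRC file that contains API client credentials"
+}
+
+variable "contract_id" {
+type = string
+description = "Contract ID for property/config creation"
+}
+
+variable "group_id" {
+type = string
+description = "Group ID for property/config creation"
+}
+
+variable "product_id" {
+type = string
+description = "Property Manager product"
+}
+
+variable "user_id"{
+type = string
+description = "unique ID for each lab user"
+}
+
+variable "rule_format" {
+type = string
+description = "Property rule format"
+}
+
+variable "secure" {
+type = bool
+description = "Switch between enhanced and standard TLS"
+}
+
+variable "email" {
+type = string
+description = "Email address used for activations"
+}
+
+variable "ip_block_list" {
+type = list(any)
+description = "IP Block List IPs"
+default = []
+}
+
+variable "ip_block_list_exceptions" {
+type = list(any)
+description = "IP Block List Exceptions IPs"
+default = []
+}
+
+variable "security_bypass_list" {
+type = list(any)
+description = "Security Bypass List IPs"
+default = []
+}
+
+variable "rate_bypass_list" {
+type = list(any)
+description = "Rate Control Bypass List IPs"
+default = []
+}
+
+variable "pragma_exceptions" {
+type = list(any)
+description = "Pragma Removal Exceptions IPs"
+default = []
+}
+
+variable "enable_siem" {
+type = bool
+default = true
+description = "On/Off option for SIEM feature"
+}
+
+variable "enable_client_rep" {
+type = bool
+default = true
+description = "On/Off option for Client Reputation feature"
+}
+
+variable "enable_slow_post" {
+type = bool
+default = true
+description = "On/Off option for Slow Post feature"
+}
+
+variable "cp_code_id" {
+type = number
+description = "CP Code for reporting"
+}
+
+variable "edge_hostname" {
+type = string
+description = "Edge hostname for property"
+}
+
+variable "network" {
+type = string
+description = "Akamai network for activation"
+}
+
+variable "security_policy_name" {
+type = string
+}
+
+variable "security_policy_prefix" {
+type = string
+}
+
+variable "host_names" {
+type = list(string)
+}
+
+variable "geo_block_list" {
+type = list(any)
+description = "Blocked geos"
+}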
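Review bot: `security_bypass_list`, `rate_bypass_list` and the other IP list variables are typed `list(any)` with no validation, although entries in the bypass lists exempt clients from security and rate controls. Declaring them `type = list(string)` and adding a `validation` block that rejects malformed or overly broad entries would catch a mistyped value at plan time rather than after activation. The `enable_siem`, `enable_client_rep` and `enable_slow_post` toggles have no counterpart in modules/security/variables.tf, so unless main.tf, which is outside this view, uses them some other way they appear to have no effect. `network` would also benefit from a validation limiting it to the two activation networks.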
