GCP Cloud monitoring using terraform for allowing "Response Code Classes" in uptime alert creation - terraform-provider-gcp

So I have my Terraform file where I have created my uptime check. I am checking the SSL certs and not the uptime, so it is configured just to check the cert expiry.
Now suppose by default I have Acceptable HTTP Response Code 200 allowed, but I want to allow the 404 code as well, so that if the website gives a 404 response my test still passes. How can I allow that in the Terraform code?
So for example:
resource "google_monitoring_uptime_check_config" "https" {
  display_name = "https-uptime-check"
  timeout      = "60s"
  http_check {
    path         = "/some-path"
    port         = "443"
    use_ssl      = true
    validate_ssl = true
  }
  monitored_resource {
    type = "uptime_url"
    labels = {
      project_id = "my-project-name"
      host       = "192.168.1.1"
    }
  }
  content_matchers {
    content = "example"
    matcher = "MATCHES_JSON_PATH"
    json_path_matcher {
      json_path    = "$.path"
      json_matcher = "REGEX_MATCH"
    }
  }
}
This passes if I click the test option,
but I need to allow 404 as well, so that the test will also pass if the return code is 404.
Can anyone please help me with the correct code to include 404 under Acceptable HTTP Response Code -> Response Code Classes, allowing both 404 and 200?

You can specify exact response codes:
http_check {
  path         = "/some-path"
  port         = "443"
  use_ssl      = true
  validate_ssl = true
  accepted_response_status_codes {
    status_class = "STATUS_CLASS_2XX"
  }
  accepted_response_status_codes {
    status_value = 404
  }
  accepted_response_status_codes {
    status_value = 302
  }
}
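The question is really about a certificate-expiry check plus the alert that goes with it, so here is a complete worked example, added by the editor and not part of the question or the answer above: the uptime check accepting any 2xx and an explicit 404, and a `google_monitoring_alert_policy` on the `time_until_ssl_cert_expires` metric that the check emits (this metric is only produced when `validate_ssl` is true). The project id, host name and notification channel id are placeholders.

```hcl
# Added example, not from the question or answer. Project id, host and the
# notification channel id are placeholders to be replaced.
resource "google_monitoring_uptime_check_config" "https" {
  display_name = "https-cert-expiry-check"
  timeout      = "10s"
  period       = "300s"

  http_check {
    path         = "/some-path"
    port         = "443"
    use_ssl      = true
    validate_ssl = true # required for the time_until_ssl_cert_expires metric

    # One block per accepted class or exact code; the check passes when the
    # response status matches any of them.
    accepted_response_status_codes {
      status_class = "STATUS_CLASS_2XX"
    }
    accepted_response_status_codes {
      status_value = 404
    }
  }

  monitored_resource {
    type = "uptime_url"
    labels = {
      project_id = "my-project-name"  # placeholder
      host       = "www.example.com"  # placeholder
    }
  }
}

# Alert when the certificate presented by the host expires within 14 days.
resource "google_monitoring_alert_policy" "ssl_expiry" {
  display_name = "SSL certificate expiring soon"
  combiner     = "OR"

  conditions {
    display_name = "time_until_ssl_cert_expires below 14 days"
    condition_threshold {
      # Restrict the metric to this specific uptime check via its id.
      filter = join(" AND ", [
        "metric.type=\"monitoring.googleapis.com/uptime_check/time_until_ssl_cert_expires\"",
        "resource.type=\"uptime_url\"",
        "metric.label.check_id=\"${google_monitoring_uptime_check_config.https.uptime_check_id}\"",
      ])
      comparison      = "COMPARISON_LT"
      threshold_value = 14 # metric unit is days
      duration        = "600s"

      aggregations {
        alignment_period     = "1200s"
        per_series_aligner   = "ALIGN_NEXT_OLDER"
        cross_series_reducer = "REDUCE_MEAN"
        group_by_fields      = ["resource.label.*"]
      }
    }
  }

  # placeholder channel id
  notification_channels = ["projects/my-project-name/notificationChannels/CHANNEL_ID"]
}
```

Accepting 404 means the check only reports on the TLS certificate and on the host being reachable, not on the page actually existing; if the path is meant to exist, keep the accepted codes to the 2xx class and alert on `uptime_check/check_passed` separately.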

Related

Terraform get tfvars file from remote repository

I have a .tfvars file in a remote repository for some other infrastructure. I want to reuse the config file. I am working on new infrastructure but need to use the content of the .tfvars. So far I have tried the following, but I am not sure how to read the file I got via the HTTP URL. Is there a better way of getting remote config?
data "http" "tfvars" {
  url = "https://some#dev.azure.com/some/_git/sampleinfra?path=/infra/variable_folders.auto.tfvars"
  request_headers = {
    Accept = "application/json"
  }
}
I want to add that the content of the file is a JSON array:
folderList = {
  "main" = {
    process = true
  }
  "base" = {
    process = false
  }
}

Am I correctly adding multiple ports to a terraform resource spec?

I am relatively new to terraform and am following an example from the following link:
[link to example here][1]
Code snippet from the above link (closing braces added so the snippet is complete):
resource "kubernetes_service" "example" {
  metadata {
    name = "terraform-example"
  }
  spec {
    selector = {
      app = kubernetes_pod.example.metadata.0.labels.app
    }
    session_affinity = "ClientIP"
    port {
      port        = 8080
      target_port = 80
    }
  }
}
If I need to specify multiple ports, would I achieve this as follows:
ports {
  port {
    name        = "http-metrics"
    port        = 8080
    target_port = "http-metrics"
  }
  port {
    name        = "telemetry"
    port        = 8081
    target_port = "telemetry"
  }
}
I've been scouring the docs and Googling without success. Any help is appreciated.
UPDATE:
I came across an example that writes it this way:
port {
  name        = "https"
  target_port = "http"
  port        = 443
}
port {
  name        = "http"
  target_port = "http"
  port        = 80
}
I am thinking this might be what I'm looking for, but would appreciate it if someone could weigh in.
Thanks again
Your updated version is the way you would specify multiple values of a block-type attribute in Terraform:
Where multiple such objects are possible, multiple blocks of the same type can be present.
So in your case you just duplicate the port block to create multiple values for the port attribute.
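Repeated `port` blocks are the answer; as an added example (editor's, not from the question or answer) the same service can generate those blocks from a map with a `dynamic` block, which generalises the accepted answer to any number of ports and keeps the port list in one place. The pod reference and port names are the question's placeholders.

```hcl
# Added example, not from the question or answer: repeated port blocks
# generated from a map. Port names and the pod reference are placeholders.
locals {
  service_ports = {
    "http-metrics" = { port = 8080, target_port = "http-metrics" }
    "telemetry"    = { port = 8081, target_port = "telemetry" }
  }
}

resource "kubernetes_service" "example" {
  metadata {
    name = "terraform-example"
  }

  spec {
    selector = {
      app = kubernetes_pod.example.metadata.0.labels.app
    }
    session_affinity = "ClientIP"

    # Emits one port { ... } block per map entry, exactly equivalent to writing
    # the blocks out by hand as the answer describes.
    dynamic "port" {
      for_each = local.service_ports
      content {
        name        = port.key
        port        = port.value.port
        target_port = port.value.target_port
      }
    }
  }
}
```

Adding a port is then a one-line change to `local.service_ports`, and `terraform plan` shows the new block without touching the existing ones.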

AWS WAF not blocking requests using aws_wafregional_regex_pattern_set

I'm kind of surprised that I'm running into this problem. I created an aws_wafregional_regex_pattern_set to block incoming requests that contain php in their URI. I expected all requests with php in them to be blocked. However the requests are still making it through. Perhaps, I'm misunderstanding what this resource actually does? I have attached some sample code below.
resource "aws_wafregional_rule" "block_uris_containining_php" {
  name        = "BlockUrisContainingPhp"
  metric_name = "BlockUrisContainingPhp"
  predicate {
    data_id = "${aws_wafregional_regex_match_set.block_uris_containing_php.id}"
    negated = false
    type    = "RegexMatch"
  }
}
resource "aws_wafregional_regex_match_set" "block_uris_containing_php" {
  name = "BlockUrisContainingPhp"
  regex_match_tuple {
    field_to_match {
      type = "URI"
    }
    regex_pattern_set_id = "${aws_wafregional_regex_pattern_set.block_uris_containing_php.id}"
    text_transformation  = "NONE"
  }
}
resource "aws_wafregional_regex_pattern_set" "block_uris_containing_php" {
  name                  = "BlockUrisContainingPhp"
  regex_pattern_strings = [ "php$" ]
}
This code creates a String and regex matching condition in AWS WAF. So, I know it's at least getting created. I used cloudwatch to check for blocked requests as I sent requests containing php to the load balancer, but each request went through successfully. Any help with this would be greatly appreciated.
I can't tell from the snippet, but did you add the rule to a web ACL and set the rule action to block?
Also, you should try using wafv2 instead of wafregional, as wafv2 comes with new features and makes it easier to express rules.
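The answer's point is that a `aws_wafregional_rule` on its own enforces nothing; it has to sit in a web ACL with a BLOCK action, and that ACL has to be associated with the load balancer. Here is that missing piece as an added example (editor's, not the asker's or answerer's code), wired to the rule from the question; the `aws_lb.example` reference is a placeholder for the ALB that receives the traffic.

```hcl
# Added example, not from the question or answer: a regional web ACL that
# blocks on the question's rule, associated with an ALB (placeholder name).
resource "aws_wafregional_web_acl" "block_php" {
  name        = "BlockPhpWebAcl"
  metric_name = "BlockPhpWebAcl"

  # Requests that match no rule are allowed through.
  default_action {
    type = "ALLOW"
  }

  # The rule only takes effect once it is listed here with a BLOCK action.
  rule {
    priority = 1
    rule_id  = aws_wafregional_rule.block_uris_containining_php.id
    action {
      type = "BLOCK"
    }
  }
}

# A regional web ACL inspects nothing until it is bound to a resource.
resource "aws_wafregional_web_acl_association" "alb" {
  resource_arn = aws_lb.example.arn # placeholder: the ALB in front of the app
  web_acl_id   = aws_wafregional_web_acl.block_php.id
}
```

Two things to check once it is attached: the CloudWatch metric named in `metric_name` only starts reporting BlockedRequests after the association exists, and the pattern `php$` with `text_transformation = "NONE"` matches only URIs whose path ends in those exact lowercase characters, so a test request that differs in case or has a trailing segment will not count as a hit.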

Terraform - GCP - link an ip address to a load balancer linked to a cloud storage bucket

What I want:
I would like to have a static.example.com DNS record that links to a bucket in GCS containing my static images.
As I manage my DNS through Cloudflare, I think I need to use the fact that GCP can attribute me an anycast IP, to link that IP to a GCP load balancer that will be linked to the bucket.
What I currently have:
a bucket already created manually, named "static-images"
the load balancer linking to said bucket, created with
resource "google_compute_backend_bucket" "image_backend" {
  name        = "example-static-images"
  bucket_name = "static-images"
  enable_cdn  = true
}
the routing to link to my bucket
resource "google_compute_url_map" "urlmap" {
  name            = "urlmap"
  default_service = "${google_compute_backend_bucket.image_backend.self_link}"
  host_rule {
    hosts        = ["static.example.com"]
    path_matcher = "allpaths"
  }
  path_matcher {
    name            = "allpaths"
    default_service = "${google_compute_backend_bucket.image_backend.self_link}"
    path_rule {
      paths   = ["/static"]
      service = "${google_compute_backend_bucket.image_backend.self_link}"
    }
  }
}
an IP created with:
resource "google_compute_global_address" "my_ip" {
  name = "ip-for-static-example-com"
}
What I'm missing:
the Terraform equivalent of the "frontend configuration" when creating a load balancer from the web console
Looks like you're just missing a forwarding rule and a target proxy.
The Terraform docs on google_compute_global_forwarding_rule have a good example.
E.g.:
resource "google_compute_global_forwarding_rule" "default" {
  name       = "default-rule"
  target     = "${google_compute_target_http_proxy.default.self_link}"
  port_range = "80" // or other, e.g. 443 for SSL
  ip_address = "${google_compute_global_address.my_ip.address}"
}
resource "google_compute_target_http_proxy" "default" { // or an HTTPS proxy
  name        = "default-proxy"
  description = "an HTTP proxy"
  url_map     = "${google_compute_url_map.urlmap.self_link}"
}
Hope this helps!
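The answer mentions the HTTPS proxy as the alternative; since the asker is serving a public hostname, here is that variant as an added example (editor's, not from the question or answer): a Google-managed certificate for static.example.com, an HTTPS target proxy using the question's url map and address, and the matching Cloudflare record. It assumes the Cloudflare Terraform provider's `cloudflare_record` resource with its v3/v4 argument names and a `var.cloudflare_zone_id` variable; both are assumptions, not from the page.

```hcl
# Added example, not from the question or answer: HTTPS frontend with a
# Google-managed certificate, reusing the asker's url map and global address.
resource "google_compute_managed_ssl_certificate" "static" {
  name = "static-example-com-cert"
  managed {
    domains = ["static.example.com"]
  }
}

resource "google_compute_target_https_proxy" "static" {
  name             = "static-https-proxy"
  url_map          = google_compute_url_map.urlmap.id
  ssl_certificates = [google_compute_managed_ssl_certificate.static.id]
}

resource "google_compute_global_forwarding_rule" "static_https" {
  name       = "static-https-rule"
  target     = google_compute_target_https_proxy.static.id
  port_range = "443"
  ip_address = google_compute_global_address.my_ip.address
}

# DNS record in Cloudflare pointing the hostname at the anycast IP.
# Assumed resource and argument names (cloudflare provider v3/v4);
# var.cloudflare_zone_id is a placeholder variable.
resource "cloudflare_record" "static" {
  zone_id = var.cloudflare_zone_id
  name    = "static"
  type    = "A"
  value   = google_compute_global_address.my_ip.address
  # Managed certificates are only issued once the hostname resolves to the
  # load balancer address, so leave the record unproxied (DNS-only) at least
  # until the certificate reaches ACTIVE.
  proxied = false
}
```

The certificate resource shows `PROVISIONING` until Google can reach the hostname at the forwarding rule's IP; a proxied (orange-cloud) Cloudflare record answers with Cloudflare's addresses instead and the certificate stays stuck, which is the usual reason this setup appears not to work.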

AWS APIGateway lambda authorizer caching policy even after setting ttl to zero

I am using an API Gateway Lambda authorizer with the following policy generation code, but it seems like even after setting the time to live on the authorizer Lambda to zero, the policy is still getting cached for some reason.
The caching behavior is random.
I have set the time to live to zero because I want the authorizer to be called for each and every request.
This is my code:
var generatePolicy = function(principalId, effect, resource) {
  var authResponse = {};
  authResponse.principalId = principalId;
  if (effect && resource) {
    var policyDocument = {};
    policyDocument.Version = '2012-10-17';
    policyDocument.Statement = [];
    var statementOne = {};
    statementOne.Action = 'execute-api:Invoke';
    statementOne.Effect = effect;
    statementOne.Resource = resource.replace(/:function:.+$/, ':function:*');
    policyDocument.Statement[0] = statementOne;
    authResponse.policyDocument = policyDocument;
  }
  // Context values are exposed to the integration as $context.authorizer.*
  authResponse.context = {
    "stringKey": "stringval",
    "numberKey": 123,
    "booleanKey": true
  };
  return authResponse;
};
Try changing it to statementOne.Resource = '*'; this will work.
For a valid policy, API Gateway caches the returned policy, associated with the incoming token or identity source request parameters.
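The TTL the question refers to is set on the authorizer, not on the Lambda function, and the answer's point about the cache being keyed by the identity source is why a policy scoped to a single method ARN breaks other routes while a cached entry is alive. As an added example (editor's, not from the question or answer), this is the Terraform for a TOKEN authorizer with the cache disabled, with the REST API, Lambda function and method being placeholders.

```hcl
# Added example, not from the question or answer. aws_api_gateway_rest_api.api,
# aws_lambda_function.authorizer and the method resource are placeholders.
resource "aws_api_gateway_authorizer" "token" {
  name            = "lambda-token-authorizer"
  rest_api_id     = aws_api_gateway_rest_api.api.id
  type            = "TOKEN"
  identity_source = "method.request.header.Authorization"
  authorizer_uri  = aws_lambda_function.authorizer.invoke_arn

  # 0 disables the policy cache so the Lambda runs on every request.
  # The default is 300; with any positive value the cache key is the value of
  # identity_source, so one token reuses one policy across every method ARN,
  # which is why the answer suggests Resource = '*' when caching is on.
  authorizer_result_ttl_in_seconds = 0
}

# Let API Gateway invoke the authorizer function for this specific authorizer.
resource "aws_lambda_permission" "apigw_invoke_authorizer" {
  statement_id  = "AllowAPIGatewayInvokeAuthorizer"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.authorizer.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/authorizers/${aws_api_gateway_authorizer.token.id}"
}

# Attach the authorizer to a method (resource id is a placeholder).
resource "aws_api_gateway_method" "get_item" {
  rest_api_id   = aws_api_gateway_rest_api.api.id
  resource_id   = aws_api_gateway_resource.item.id
  http_method   = "GET"
  authorization = "CUSTOM"
  authorizer_id = aws_api_gateway_authorizer.token.id
}
```

A changed TTL only takes effect for a stage after a new deployment (`aws_api_gateway_deployment`) is created, which is a common reason for the "random" caching the question describes: some stages still run the old authorizer configuration.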
