@YakDriver YakDriver commented Jul 25, 2025

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Description

This pull request introduces a new Terraform resource aws_wafv2_web_acl_rule_group_association to the AWS Provider, addressing a long-standing community need for managing WAFv2 Web ACL rule group associations. The resource enables users to associate rule groups with Web ACLs programmatically through Terraform, providing fine-grained control over WAF configurations including support for override actions. This enhancement fills a critical gap in the provider's WAFv2 coverage.

The implementation includes comprehensive test coverage with three test scenarios covering basic functionality, resource disappears behavior, and override action configurations. All acceptance tests pass successfully, demonstrating the resource's reliability and proper integration with the AWS WAFv2 API. The PR is marked as prioritized by the maintainer team and represents a significant addition to the provider's security-focused capabilities, enabling more complete infrastructure-as-code management of AWS WAF configurations.

Relations

Closes #36941

Relates:

References

Output from Acceptance Testing

% make t T=TestAccWAFV2WebACLRuleGroupAssociation_ K=wafv2     
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.24.5 test ./internal/service/wafv2/... -v -count 1 -parallel 20 -run='TestAccWAFV2WebACLRuleGroupAssociation_'  -timeout 360m -vet=off
2025/07/30 13:31:20 Creating Terraform AWS Provider (SDKv2-style)...
2025/07/30 13:31:20 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_basic
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_basic
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_disappears
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_disappears
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_basic
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_disappears
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction (25.53s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic (25.56s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride (28.94s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_disappears (38.99s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate (41.14s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_basic (44.90s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace (49.64s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion (53.63s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace (55.91s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate (60.33s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate (60.87s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride (63.24s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	68.241s

@YakDriver YakDriver requested a review from a team as a code owner July 25, 2025 23:11
@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/wafv2 Issues and PRs that pertain to the wafv2 service. generators Relates to code generators. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. size/XL Managed by automation to categorize the size of a PR. labels Jul 25, 2025
@YakDriver YakDriver changed the title New resource: aws_wafv2_web_acl_rule_group_association New resource: aws_wafv2_web_acl_rule_group_association Jul 28, 2025
@github-actions github-actions bot added the repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. label Jul 29, 2025
@YakDriver YakDriver enabled auto-merge August 6, 2025 20:34

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccWAFV2WebACLRuleGroupAssociation_' PKG=wafv2
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.24.5 test ./internal/service/wafv2/... -v -count 1 -parallel 20  -run=TestAccWAFV2WebACLRuleGroupAssociation_ -timeout 360m -vet=off
2025/08/07 10:17:10 Creating Terraform AWS Provider (SDKv2-style)...
2025/08/07 10:17:10 Initializing Terraform AWS Provider (SDKv2-style)...
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_basic
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_basic
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_disappears
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_disappears
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion
=== RUN   TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride
=== PAUSE TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_basic
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction
=== CONT  TestAccWAFV2WebACLRuleGroupAssociation_disappears
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_withVersion (31.64s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_ruleActionOverride (39.17s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_basic (42.99s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_ManagedRuleGroup_basic (43.33s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleNameRequiresReplace (46.34s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverride (48.20s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_priorityUpdate (50.00s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_webACLARNRequiresReplace (53.43s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideActionUpdate (58.60s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_disappears (60.70s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_overrideAction (69.06s)
--- PASS: TestAccWAFV2WebACLRuleGroupAssociation_RuleGroupReference_ruleActionOverrideUpdate (75.19s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/wafv2	80.539s

@YakDriver YakDriver merged commit d30df6b into main Aug 7, 2025
63 checks passed
@YakDriver YakDriver deleted the f-wafv2-acl-rules branch August 7, 2025 14:20
@github-actions github-actions bot added this to the v6.8.0 milestone Aug 7, 2025
terraform-aws-provider bot pushed a commit that referenced this pull request Aug 7, 2025
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Aug 7, 2025
github-actions bot commented Aug 7, 2025

This functionality has been released in v6.8.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 12, 2025
Development

Successfully merging this pull request may close these issues.

[New Resource]: WAFv2 update rules shared with Firewall Manager
