Terraform AWS WAFv2 WAFv2 web ACLs, rule groups, IP sets, and regex pattern sets with managed and custom rules, CloudWatch visibility metrics, logging configuration, and CloudFront or regional scope for request filtering.
Controls enforced These compliance controls are checked at terraform plan time.
Quick start ACSC Essential Eight HIPAA Omnibus Rule 2013 ISO/IEC 27001:2022 NIS2 Directive (EU 2022/2555) NIST SP 800-171 Rev 2 PCI DSS v4.0 SOC 2
module "wafv2" { source = "acscessentialeight.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } module "wafv2" { source = "hipaa.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } module "wafv2" { source = "iso27001.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } module "wafv2" { source = "nis2.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } module "wafv2" { source = "nist800171.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } module "wafv2" { source = "pcidss.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } module "wafv2" { source = "soc2.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" # ... your arguments here } View this module on the compliance.tf registry β versions, inputs, and outputs β
See the Get Started guide and Registry Endpoints for details on how to customize the module for your requirements.
Migration from upstream Already using terraform-aws-modules? Change only the source URL:
Before After
module "wafv2" { source = "terraform-aws-modules/wafv2/aws" version = "1.0" } module "wafv2" { source = "soc2.compliance.tf/terraform-aws-modules/wafv2/aws" version = "1.0" } Same arguments. Same outputs. Controls are checked at terraform plan. See the Migration Guide for step-by-step instructions.
Reversibility No lock-in. Switch back by reverting the source URL:
module "wafv2" { source = "terraform-aws-modules/wafv2/aws" } Run terraform init -upgrade. Terraform state is unchanged β same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks ACSC Essential Eight HIPAA Omnibus Rule 2013 ISO/IEC 27001:2022 NIS2 Directive (EU 2022/2555) NIST SP 800-171 Rev 2 PCI DSS v4.0 SOC 2
ACSC-EE-ML3-7.10: Multi-factor authentication ML3
164.308(a)(1)(ii)(D): Administrative Safeguards
A.8.16 Monitoring activities
3.14.7: Identify unauthorized use of organizational systems.
10.2.1.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.
10.4.1.1: Audit logs are reviewed to identify anomalies or suspicious activity.
10.4.1: Audit logs are reviewed to identify anomalies or suspicious activity.
10.4.2: Audit logs are reviewed to identify anomalies or suspicious activity.
10.6.3: Time-synchronization mechanisms support consistent time settings across all systems.
10.7.1: Failures of critical security control systems are detected, reported, and responded to promptly.
10.7.2: Failures of critical security control systems are detected, reported, and responded to promptly.
A3.3.1: PCI DSS is incorporated into business-as-usual (BAU) activities.
A3.5.1: Suspicious events are identified and responded to.
A1.2 The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives
CC7.2: The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analyzed to determine whether they represent security events.
Framework coverage Which controls from this module are active under each framework endpoint.
β enforced by default Β· β not activated by this endpoint
