Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 1 - Policy Creation)
This is a greenfield scenario. Here we use the Terraform resources to create an F5 BIG-IP Advanced WAF Policy and manage its lifecycle.
Table of Contents
- Table of Contents
- Workflow for creating a F5 BIG-IP Advanced Web Application Firewall Policy
- Create an API Protection F5 BIG-IP Advanced WAF Policy
- Demo Video
- Resources
- Article Series
Workflow for creating a F5 BIG-IP Advanced Web Application Firewall Policy
First, create 3 files:
- main.tf
- variables.tf
- inputs.auto.tfvars
variables.tf
variable bigip {}
variable username {}
variable password {}
inputs.auto.tfvars
bigip = "10.1.1.9:443"
username = "admin"
password = "yYyYyYy"
main.tf
terraform {
  required_providers {
    bigip = {
      source  = "F5Networks/bigip"
      version = "1.15"
    }
  }
}
provider "bigip" {
  address  = var.bigip
  username = var.username
  password = var.password
}
resource "bigip_waf_policy" "this" {
  name                 = "scenario1"
  partition            = "Common"
  template_name        = "POLICY_TEMPLATE_RAPID_DEPLOYMENT"
  application_language = "utf-8"
  enforcement_mode     = "blocking"
  server_technologies  = ["Apache Tomcat", "MySQL", "Unix/Linux"]
}
Here is how to run it:
foo@bar:~$ terraform init
foo@bar:~$ terraform plan -out scenario1.waf
foo@bar:~$ terraform apply "scenario1.waf"
Create an API Protection F5 BIG-IP Advanced WAF Policy
Here we create an F5 BIG-IP Advanced WAF Policy that protects a RESTful API by importing an OpenAPI Specification file (both OAS v2.0 and v3.0 are supported).
variables.tf
variable bigip {}
variable username {}
variable password {}
inputs.auto.tfvars
bigip = "10.1.1.9:443"
username = "admin"
password = "yYyYyYy"
main.tf
terraform {
  required_providers {
    bigip = {
      source  = "F5Networks/bigip"
      version = "1.15"
    }
  }
}
provider "bigip" {
  address  = var.bigip
  username = var.username
  password = var.password
}
resource "bigip_waf_policy" "this" {
  partition            = "Common"
  name                 = "scenario1.swagger"
  template_name        = "POLICY_TEMPLATE_API_SECURITY"
  application_language = "utf-8"
  enforcement_mode     = "blocking"
  server_technologies  = ["MySQL", "Unix/Linux", "MongoDB"]
  open_api_files       = ["https://api.swaggerhub.com/apis/F5EMEASSA/API-Sentence/3.0.1"]
  # P1-P3 and S1-S2 are bigip_waf_entity_parameter and bigip_waf_signatures
  # data sources; their definitions are not shown on this page.
  parameters           = [data.bigip_waf_entity_parameter.P1.json, data.bigip_waf_entity_parameter.P2.json, data.bigip_waf_entity_parameter.P3.json]
  signatures           = [data.bigip_waf_signatures.S1.json, data.bigip_waf_signatures.S2.json]
}
What we do here is the equivalent of the following manual configuration:
How to create an OpenAPI security policy using a Swagger file.
Here is how to run it:
foo@bar:~$ terraform init
foo@bar:~$ terraform plan -out scenario1.swagger
foo@bar:~$ terraform apply "scenario1.swagger"
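Both workflows above save a plan file before applying it, which leaves room for a review step between plan and apply. The following is an added example, not code from the original article or from F5: a Python check over the JSON form of a saved plan (`terraform show -json <planfile>`) that reports any bigip_waf_policy that would leave blocking mode or be destroyed. The sample plan is constructed, and the resource addresses other than bigip_waf_policy.this and the function name review_plan are assumptions.

```python
import json
import sys

# Constructed sample: a trimmed `terraform show -json <planfile>` document.
# Resource addresses other than bigip_waf_policy.this are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "bigip_waf_policy.this", "type": "bigip_waf_policy",
   "change": {"actions": ["update"],
              "before": {"enforcement_mode": "blocking"},
              "after":  {"enforcement_mode": "transparent"}}},
  {"address": "bigip_waf_policy.api", "type": "bigip_waf_policy",
   "change": {"actions": ["delete", "create"],
              "before": {"enforcement_mode": "blocking"},
              "after":  {"enforcement_mode": "blocking"}}},
  {"address": "bigip_waf_policy.new", "type": "bigip_waf_policy",
   "change": {"actions": ["create"], "before": null,
              "after": {"enforcement_mode": "blocking"}}}
]}
""")

def review_plan(plan):
    """Return findings for planned WAF policy changes that reduce protection."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "bigip_waf_policy":
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        before = change.get("before") or {}   # null when the resource is new
        after = change.get("after") or {}     # null when it is being destroyed
        addr = rc.get("address", "<unknown>")
        # Destroying or replacing a policy removes protection, at least briefly.
        if "delete" in actions:
            kind = "replaced" if "create" in actions else "deleted"
            findings.append(f"{addr}: policy will be {kind}")
        # "transparent" logs violations but lets the request through.
        mode = after.get("enforcement_mode")
        if after and mode != "blocking":
            was = before.get("enforcement_mode", "absent")
            findings.append(f"{addr}: enforcement_mode {was} -> {mode}")
    return findings

if __name__ == "__main__":
    # Given a path, check a real plan dump and fail on findings; else use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = review_plan(plan)
    print("\n".join(problems) or "no WAF policy downgrades planned")
    sys.exit(1 if problems and len(sys.argv) > 1 else 0)
```

To use it on a real plan, write the output of `terraform show -json` for the saved plan file to a JSON file and pass that path as the only argument; a non-zero exit means the plan should be reviewed before `terraform apply`.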
Demo Video
Resources
Terraform Registry documentation
Published Sep 23, 2022
Version 1.0
Fouad_Chmainy
Patrick_Echeverria