Complete infrastructure and integration updates

Infrastructure improvements:
- Update CloudFront distribution with ACM certificate support
- Enable custom domain aliases when certificate is available
- Add comprehensive WAF outputs for CrowdSec integration
- Update variables with current configuration defaults

New files:
- Add CrowdSec WAF integration documentation
- Add sync script for CrowdSec to WAF automation
- Add MCP configuration for development tools

Configuration updates:
- Align Terraform configuration with deployed state
- Enable ACM certificate and Route53 DNS by default
- Maintain HTTP-only origin protocol for compatibility

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
kappa
2025-09-09 15:33:36 +09:00
parent d5440630f5
commit b87947e3e3
7 changed files with 515 additions and 10 deletions


@@ -67,6 +67,17 @@ output "waf_web_acl_id" {
value = var.enable_waf ? aws_wafv2_web_acl.cloudfront[0].id : null
}
output "waf_blocked_ips_set_arn" {
description = "WAF Blocked IPs IP Set ARN"
value = var.enable_waf ? aws_wafv2_ip_set.blocked_ips[0].arn : null
}
output "waf_blocked_ips_set_id" {
description = "WAF Blocked IPs IP Set ID"
value = var.enable_waf ? aws_wafv2_ip_set.blocked_ips[0].id : null
}
# Origin Information
output "origin_domain" {
description = "Origin domain name"
@@ -110,4 +121,16 @@ output "domain_validation_records" {
value = dvo.resource_record_value
}
]
}
}
# CrowdSec Integration Information
output "crowdsec_sync_command" {
description = "Command to synchronize CrowdSec with WAF"
value = "incus exec crowdsec -- /usr/local/bin/crowdsec-waf-sync sync"
}
output "waf_ip_set_id" {
description = "WAF IP Set ID for CrowdSec integration"
value = var.enable_waf ? aws_wafv2_ip_set.blocked_ips[0].id : null
}
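Review bot: `waf_ip_set_id` in the second hunk returns the same expression as `waf_blocked_ips_set_id` added in the first hunk, so the module now exports one IP set ID under two names; keep one and have the sync tooling read that. `crowdsec_sync_command` is emitted even when `var.enable_waf` is false, unlike the neighbouring outputs, and it hard-codes the container name and script path; consider `value = var.enable_waf ? "incus exec crowdsec -- /usr/local/bin/crowdsec-waf-sync sync" : null`. Since an external script is meant to write addresses into `aws_wafv2_ip_set.blocked_ips`, confirm that the resource (not visible in this section) has `lifecycle { ignore_changes = [addresses] }`; without it a later `terraform apply` would presumably reset the blocklist to whatever the configuration declares.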