feat: add enable_waf_fail_open flag to alb

Author: tionichm

main.tf

@@ -122,6 +122,7 @@ resource "aws_lb" "default" {
   preserve_host_header             = var.preserve_host_header
   xff_header_processing_mode       = var.xff_header_processing_mode
   client_keep_alive                = var.client_keep_alive
+  enable_waf_fail_open             = var.enable_waf_fail_open
 
   access_logs {
     bucket  = try(element(compact([var.access_logs_s3_bucket_id, module.access_logs.bucket_id]), 0), "")

variables.tf

@@ -432,3 +432,9 @@ variable "reserved_capacity_units" {
   default     = null
   description = "The number of capacity units reserved for the load balancer"
 }
+
+variable "enable_waf_fail_open" {
+  type        = bool
+  default     = false
+  description = "Enable forwarding requests to the targets when commmunication between the ALB and its WAF integration fails."
+}