Introducing Cloud WAF Terraform Support

Terraform, from HashiCorp, enables DevOps teams to deploy cloud infrastructure as code. Fastly supports Terraform across our product lines and today we’re excited to share enhancements to our Next-Gen WAF Terraform provider for our Cloud WAF deployment model which will further streamline operations for our secure DevOps users.

A key capability of the Fastly Next-Gen WAF (powered by Signal Sciences) is the broadest range of deployment options for a WAF – on-premises, at the edge, or in the cloud. We combine this flexibility with a strong commitment to infrastructure as code (IaC) to support modern, automated deployment with solutions like Terraform. With today’s update, we’ve extended our Terraform support to include provisioning new Cloud WAF deployments for new application instances and managing certificates to secure them. This functionality, in addition to our existing Terraform providers for the core functionality of the Fastly Next-Gen WAF and Fastly CDN, enables DevOps teams to seamlessly deploy our cloud-based WAF solution alongside other changes to their environment when using Terraform. This functionality has always been part of our API and web interfaces, and now we have extended it to cover IaC use cases. 

Our cloud-based WAF deployment method is quick to deploy and easy to manage. There are no agents to deploy – we maintain the WAF and run it in our cloud infrastructure. Instead, a simple DNS change is all that’s needed to protect your applications with the Fastly Next-Gen WAF. A single management console streamlines monitoring and maintenance of all WAF instances, even in hybrid environments with a mix of cloud, edge, and agent deployments. 

Deploying a Cloud WAF Instance is documented on the Terraform Registry sigsci_corp_cloudwaf_instance resource page and can be done with the following HCL:

resource "sigsci_corp_cloudwaf_instance" "test_corp_cloudwaf" {
name = "Test CloudWAF"
description = "for test"
region = "ap-northeast-1"
tls_min_version = "1.2"
use_uploaded_certificates = true
workspace_configs {
site_name = sigsci_site.this.short_name
instance_location = "direct"
listener_protocols = [ "https", ]
routes {
certificate_ids = [
connection_pooling = true
domains = [ "", ]
origin = ""
pass_host_header = true
trust_proxy_headers = false

Additionally, when using your own domain names with cloud-based deployments (as opposed to Fastly subdomains), it is possible to upload your own certificates to be associated with those domains. To upload your own certificates, use the `sigsci_corp_cloudwaf_certificate` resource (defined below). For certificates, updates only support changing the name so any change to the private key or certificates will result in a new resource being created. See more on this in the Terraform Registry documentation.

resource "sigsci_corp_cloudwaf_certificate" "test_corp_cloudwaf_certificate" {
name = "Test Cloud WAF Certificate"
certificate_body = <<CERT
[encoded certificate]
certificate_chain = <<CHAIN
[encoded certificate chain]
private_key = <<PRIVATEKEY
[encoded privatekey]]

Ready to get started? Get the Fastly WAF Terraform provider today. 

Read more about Fastly and Terraform:

Talk to us!

Liam Mayron
Staff Product Manager

2 min read

Want to continue the conversation?
Schedule time with an expert
Share this post
Liam Mayron
Staff Product Manager

Liam Mayron is a Staff Product Manager at Fastly where he focuses on security. He's held a variety of roles at LogRhythm, Akamai, and Harris Corp. (now L3Harris Technologies). Additionally, he was an Assistant Professor at the Florida Institute of Technology where he created the Master of Science in Information Assurance and Cybersecurity degree program. He has a Ph.D. in computer engineering and is a Certified Information Systems Security Professional (CISSP).

Ready to get started?

Get in touch or create an account.