Akamai App & API Protector (WAF)
Security configuration with policy, WAF mode, match targets, rate controls, and IP/geo blocking, activated to staging or production.
Verification
Plan-validatedPassed: module logic verified on a mocked plan — inputs, validation rules, conditional creation and outputs resolve (no real provider, no cloud).
Conformance
- Static validation (fmt · validate · tflint)
- Security scan: findings disclosed (Checkov)
- Plan tests (mocked: validation rules · outputs)
Provenance
- SHA-256 checksum
- Signature (pending)
Functional
- Live test pending (no cloud run yet)
Last verified 2026-06-28 · how we verify
Documentation
akamai-appsec-waf
Akamai App & API Protector (WAF) baseline in one module: security
configuration, policy with Akamai's recommended defaults, adaptive WAF mode,
website match target, rate controls, optional IP/geo/ASN firewall, and
staging/production activation. Works with Terraform and OpenTofu
(>= 1.6), Akamai provider >= 10.0, < 11.0.
Secure defaults:
- Security policy created with
default_settings = true(Akamai recommended protections) - WAF protection enabled, rules in
ASE_AUTO(adaptive) mode — Akamai keeps rule actions current - Match target covers all listed hostnames on
/* - A conservative alert-only rate-control spike detector ships enabled, so you
observe before you
deny
Verification
Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.
License
Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).
Usage code & full reference unlock after purchase
The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
- Usage
- Inputs
- Outputs