eli-537 minor changes based on initial review

eddalmond1 · eddalmond1 · commit 4c8d78277b7b · 2026-03-03T10:04:32.000Z
diff --git a/infrastructure/stacks/api-layer/variables.tf b/infrastructure/stacks/api-layer/variables.tf
@@ -12,7 +12,7 @@ variable "SPLUNK_HEC_ENDPOINT" {
 # WAF deployment environments (list of environment names where WAF should be deployed)
 variable "waf_enabled_environments" {
   type        = list(string)
-  description = "Environments in which WAF resources are deployed. Adjust to disable in test after evaluation."
+  description = "Environments in which WAF resources are deployed"
   default     = ["preprod", "prod"]
 }
 
diff --git a/infrastructure/stacks/api-layer/waf.tf b/infrastructure/stacks/api-layer/waf.tf
@@ -1,6 +1,4 @@
 # WAF Web ACL for API Gateway
-# Only deployed in production environment for cost optimization
-
 resource "aws_wafv2_web_acl" "api_gateway" {
   count       = local.waf_enabled ? 1 : 0
   name        = "${local.workspace}-eligibility-signposting-api-waf"
diff --git a/infrastructure/stacks/api-layer/waf_alarms.tf b/infrastructure/stacks/api-layer/waf_alarms.tf
@@ -135,7 +135,7 @@ resource "aws_cloudwatch_metric_alarm" "waf_rate_limit_blocks" {
 # Alarm for blocked non-UK requests
 # In preprod US is also allowed (for GitHub Actions), so this alarm fires on traffic
 # from countries outside GB+US. In prod it fires on anything outside GB.
-resource "aws_cloudwatch_metric_alarm" "waf_non_uk_counted" {
+resource "aws_cloudwatch_metric_alarm" "waf_non_uk_blocked" {
   count               = local.waf_enabled ? 1 : 0
   alarm_name          = "WAF-NonUK-BlockedRequests-${local.workspace}"
   alarm_description   = "Alerts when non-UK requests are blocked by geo rule - may indicate stolen mTLS cert use from outside UK"
@@ -170,7 +170,7 @@ resource "aws_cloudwatch_metric_alarm" "waf_non_uk_counted" {
 resource "aws_cloudwatch_metric_alarm" "waf_all_requests_high" {
   count               = local.waf_enabled ? 1 : 0
   alarm_name          = "WAF-AllRequests-High-${local.workspace}"
-  alarm_description   = "Monitors total request volume through WAF"
+  alarm_description   = "Monitors total allowed request volume through WAF"
   comparison_operator = "GreaterThanThreshold"
   evaluation_periods  = 2
   metric_name         = "AllowedRequests"

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ variable "SPLUNK_HEC_ENDPOINT" {`
`12`	`12`	`# WAF deployment environments (list of environment names where WAF should be deployed)`
`13`	`13`	`variable "waf_enabled_environments" {`
`14`	`14`	`type = list(string)`
`15`		`- description = "Environments in which WAF resources are deployed. Adjust to disable in test after evaluation."`
	`15`	`+ description = "Environments in which WAF resources are deployed"`
`16`	`16`	`default = ["preprod", "prod"]`
`17`	`17`	`}`
`18`	`18`