Add TODO's for WAF rules

terraform/modules/elixir-app/main.tf

@@ -365,6 +365,8 @@ resource "google_compute_security_policy" "default" {
 
   name = local.application_name
 
+  type = "CLOUD_ARMOR"
+
   rule {
     action   = "allow"
     priority = "2147483647"
@@ -380,6 +382,8 @@ resource "google_compute_security_policy" "default" {
     description = "default allow rule"
   }
 
+  # TODO: Configure more WAF rules
+
   depends_on = [
     google_project_service.compute,
     google_project_service.pubsub,

terraform/modules/relay-app/main.tf

@@ -344,28 +344,7 @@ resource "google_compute_region_instance_group_manager" "application" {
   ]
 }
 
-# Define a security policy which allows to filter traffic by IP address,
-# an edge security policy can also detect and block common types of web attacks
-resource "google_compute_security_policy" "default" {
-  project = var.project_id
-
-  name = local.application_name
-
-  rule {
-    action   = "allow"
-    priority = "2147483647"
-
-    match {
-      versioned_expr = "SRC_IPS_V1"
-
-      config {
-        src_ip_ranges = ["*"]
-      }
-    }
-
-    description = "default allow rule"
-  }
-}
+# TODO: Rate limit requests to the relays by source IP address
 
 # Open ports for the web
 resource "google_compute_firewall" "stun-turn-ipv4" {