fix: Remove CSRF regex pattern from WAF out-of-country rule

[wmoussa-gc]

Summary | Résumé

To mitigate the risk of a CSRF attack during form submission, a CSRF token is requested. Therefore, this is not an endpoint that needs to be monitored for sign-ins from outside the country.

[github-actions]

⚠ Terrform update available

Terraform: 1.8.4 (using 1.6.6)
Terragrunt: 0.58.12 (using 0.54.8)

[github-actions]

Staging: load_balancer

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy

Show summary

CHANGE	NAME
update	aws_wafv2_regex_pattern_set.cognito_login_paths

Show plan

Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_wafv2_regex_pattern_set.cognito_login_paths will be updated in-place
  ~ resource "aws_wafv2_regex_pattern_set" "cognito_login_paths" {
        id          = "06fb5625-dab4-4133-ab2d-2e618dd01c47"
        name        = "cognito_login_paths"
        tags        = {}
        # (5 unchanged attributes hidden)

      - regular_expression {
          - regex_string = "^\\/(api\\/auth\\/csrf)$" -> null
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"

Show Conftest results

WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.form_viewer_maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudfront_distribution.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_kinesis_firehose_delivery_stream.firehose_waf_logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_http"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.form_viewer_https"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_1"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.form_viewer_2"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_bucket.maintenance_mode"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_css_files[\"style.css\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index-fr.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_html_files[\"index.html\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_ico_files[\"favicon.ico\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.maintenance_static_page_svg_files[\"site-unavailable.svg\"]"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.alb"]
WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.route53_hosted_zone[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.cognito_login_paths"]
WARN - plan.json - main - Missing Common Tags: ["aws_wafv2_regex_pattern_set.forms_base_url"]
WARN - plan.json - main - Missing Common Tags:...

[craigzour]

LGTM!