The Wallarm Terraform provider manages resources on the Wallarm API security platform — rules, IP lists, integrations, applications, nodes, tenants, and triggers.
Install the provider from the Terraform Registry:
terraform {
required_version = ">= 1.0"
required_providers {
wallarm = {
source = "wallarm/wallarm"
}
}
}Then run terraform init.
The provider authenticates via an API token. Set it as an environment variable (recommended):
export WALLARM_API_TOKEN="your-api-token"Or configure it in the provider block:
provider "wallarm" {
api_token = var.api_token
}
variable "api_token" {
type = string
sensitive = true
}The API host defaults to https://api.wallarm.com. Override with WALLARM_API_HOST or the api_host attribute for other regions (e.g. https://us1.api.wallarm.com).
For multi-tenant setups, set client_id on the provider or individual resources to target specific tenant accounts.
Note: Never commit API tokens to version control. Use environment variables, Terraform variables with
.tfvarsfiles (added to.gitignore), or a secrets manager.
Enable blocking mode for a specific host:
resource "wallarm_rule_mode" "block_example" {
mode = "block"
action {
type = "iequal"
value = "example.com"
point = {
header = "HOST"
}
}
}Deny traffic from specific IPs:
resource "wallarm_denylist" "bad_ips" {
ip_range = ["1.2.3.4", "5.6.7.0/24"]
reason = "Blocked by Terraform"
time_format = "RFC3339"
time = "2027-01-01T00:00:00+00:00"
}Session-based rules for real-time threat mitigation. In the Wallarm Console UI these appear under a dedicated Mitigation Controls section.
| Resource | Description |
|---|---|
wallarm_rule_mode |
Real-time blocking mode |
wallarm_rule_graphql_detection |
GraphQL API protection |
wallarm_rule_enum |
Enumeration attack protection |
wallarm_rule_bola |
BOLA/IDOR protection |
wallarm_rule_forced_browsing |
Forced browsing protection |
wallarm_rule_brute |
Brute force protection |
wallarm_rule_rate_limit_enum |
DoS protection (rate limiting) |
wallarm_rule_file_upload_size_limit |
File upload restriction policy |
Request-level rules for detection tuning, virtual patching, and data handling. These appear under the Rules section in the Wallarm Console UI.
Note:
wallarm_rule_mode,wallarm_rule_graphql_detection, andwallarm_rule_file_upload_size_limitappear in both tables because they are shown in both the Rules and Mitigation Controls sections of the Wallarm Console UI. They are a single Terraform resource — listed in both places here to match the UI experience.
| Resource | Description |
|---|---|
wallarm_rule_mode |
Filtration mode (monitor/block) |
wallarm_rule_vpatch |
Virtual patches |
wallarm_rule_regex |
Custom regex detection |
wallarm_rule_ignore_regex |
Regex-based false positive suppression |
wallarm_rule_masking |
Sensitive data masking |
wallarm_rule_binary_data |
Binary data markers |
wallarm_rule_parser_state |
Parser control (enable/disable) |
wallarm_rule_set_response_header |
Response header injection |
wallarm_rule_disable_attack_type |
Disable specific attack type detection |
wallarm_rule_disable_stamp |
Disable specific attack signatures |
wallarm_rule_uploads |
File upload handling |
wallarm_rule_graphql_detection |
GraphQL detection settings |
wallarm_rule_file_upload_size_limit |
File upload size limits |
wallarm_rule_overlimit_res_settings |
Overlimit request settings |
wallarm_rule_rate_limit |
Rate limiting |
wallarm_rule_bruteforce_counter |
Brute force counter |
wallarm_rule_dirbust_counter |
Directory traversal counter |
wallarm_rule_bola_counter |
BOLA counter |
wallarm_rule_credential_stuffing_regex |
Credential stuffing regex |
wallarm_rule_credential_stuffing_point |
Credential stuffing detection points |
| Resource | Description |
|---|---|
wallarm_denylist |
Block IPs, countries, datacenters, or proxy types |
wallarm_allowlist |
Allow specific traffic sources |
wallarm_graylist |
Graylist for behavioral analysis |
| Resource | Description |
|---|---|
wallarm_integration_email |
Email notifications |
wallarm_integration_slack |
Slack notifications |
wallarm_integration_teams |
Microsoft Teams notifications |
wallarm_integration_telegram |
Telegram notifications |
wallarm_integration_pagerduty |
PagerDuty alerts |
wallarm_integration_opsgenie |
OpsGenie alerts |
wallarm_integration_splunk |
Splunk log forwarding |
wallarm_integration_sumologic |
Sumo Logic log forwarding |
wallarm_integration_data_dog |
Datadog log forwarding |
wallarm_integration_insightconnect |
InsightConnect integration |
wallarm_integration_webhook |
Custom webhook notifications |
| Resource | Description |
|---|---|
wallarm_application |
Application (pool) management |
wallarm_node |
Filtering node management |
wallarm_tenant |
Tenant (multi-tenancy) management |
wallarm_user |
User management |
wallarm_trigger |
Trigger configuration |
wallarm_global_mode |
Global filtration mode |
wallarm_rules_settings |
Rules engine settings |
wallarm_api_spec |
API specification management |
wallarm_action |
Rule action scope tracking |
wallarm_rule_generator |
Generate HCL config files from hits or existing API rules |
wallarm_hits_index |
Track fetched request IDs for the hits-to-rules workflow |
| Data Source | Description |
|---|---|
wallarm_node |
Look up filtering nodes |
wallarm_applications |
List applications (supports bulk import) |
wallarm_actions |
Discover rule action scopes |
wallarm_rules |
Read all rules (hints) |
wallarm_hits |
Fetch detected hits for FP analysis |
wallarm_ip_lists |
Read IP list entries |
wallarm_security_issues |
Query security issues |
Most resources support terraform import. Bulk import is supported for:
- IP lists — via the
wallarm_ip_listsdata source. See the IP List Import Guide. - Rules — via the
wallarm_rulesdata source. See the Rules Import Guide. - Applications — via the
wallarm_applicationsdata source to discover existing apps and generate import blocks.
| Guide | Description |
|---|---|
| Action Scopes | How action conditions define rule scope (Host, path, method, etc.) |
| Detection Points | Point syntax for specifying request parts in rules |
| Mitigation Controls | Configuring brute force, BOLA, enumeration, and other session-based protections |
| Hits to Rules | Creating false positive suppression rules from hit data |
| Rules Import | Bulk-importing existing rules from the Wallarm API |
| IP List Import | Bulk-importing IP list entries |
Full resource and data source documentation is in the docs/ directory and on the Terraform Registry.
git clone https://github.com/wallarm/terraform-provider-wallarm.git
cd terraform-provider-wallarm
make build # Build binary locally
make install # Install to $GOPATH/binmake test # Unit tests
make testacc # Acceptance tests (requires WALLARM_API_TOKEN, WALLARM_API_HOST, TF_ACC=1)
make lint # Run golangci-lint
make fmt # Format codeRun a single acceptance test:
go test -v -run TestAccRuleWmodeCreate_Basic ./wallarm/provider/ -timeout=120mSee CHANGELOG.md for release history.