DS-3492 Release issue fix for waf rules (#1046)

# Task Branch Pull Request

**<https://nhsd-jira.digital.nhs.uk/browse/DS-3492>**

## Description of Changes

Sorting priority order of WAF rules for AWS managed and custom rules. 

## Type of change

- Security enhancements(Monitoring of SQL injections)

## Development Checklist

- [x] I have performed a self-review of my own code
- [x] Tests have added that prove my fix is effective or that my feature
works (Integration tests)
- [x] I have updated Dependabot to include my changes (if applicable)

## Code Reviewer Checklist

- [x] I can confirm the changes have been tested or approved by a tester

Author: ajmu1

infrastructure/stacks/shared-resources/waf.tf

@@ -61,39 +61,29 @@ resource "aws_wafv2_web_acl" "di_endpoint_waf" {
   }
 
   rule {
-    name     = var.waf_aws_common_rule_name
+    name     = var.waf_custom_sqli_rule_name
     priority = 3
 
-    override_action {
-      none {}
+    action {
+      count {}
     }
-    statement {
-      managed_rule_group_statement {
-        name        = "AWSManagedRulesCommonRuleSet"
-        vendor_name = "AWS"
-
-        rule_action_override {
-          action_to_use {
-            count {}
-          }
 
-          name = "NoUserAgent_HEADER"
+    statement {
+      sqli_match_statement {
+        field_to_match {
+          body {}
         }
-
-        rule_action_override {
-          action_to_use {
-            count {}
-          }
-
-          name = "SizeRestrictions_BODY"
+        sensitivity_level = "HIGH"
+        text_transformation {
+          priority = 0
+          type = "NONE"
         }
       }
     }
-
     visibility_config {
+      sampled_requests_enabled = true
+      metric_name = var.waf_custom_sqli_rule_name
       cloudwatch_metrics_enabled = true
-      metric_name                = var.waf_aws_common_rule_name
-      sampled_requests_enabled   = true
     }
   }
 
@@ -165,50 +155,60 @@ resource "aws_wafv2_web_acl" "di_endpoint_waf" {
   }
 
   rule {
-    name     = var.waf_custom_sqli_rule_name
-    priority = 8
+    name     = var.waf_ip_reputation_list_rule_name
+    priority = 7
 
-    action {
-      count {}
+    override_action {
+      none {}
     }
 
     statement {
-      sqli_match_statement {
-        field_to_match {
-          body {}
-        }
-        sensitivity_level = "HIGH"
-        text_transformation {
-          priority = 0
-          type = "NONE"
-        }
+      managed_rule_group_statement {
+        name        = "AWSManagedRulesAmazonIpReputationList"
+        vendor_name = "AWS"
       }
     }
+
     visibility_config {
-      sampled_requests_enabled = true
-      metric_name = var.waf_custom_sqli_rule_name
       cloudwatch_metrics_enabled = true
+      metric_name                = var.waf_ip_reputation_list_rule_name
+      sampled_requests_enabled   = true
     }
   }
 
   rule {
-    name     = var.waf_ip_reputation_list_rule_name
-    priority = 7
+    name     = var.waf_aws_common_rule_name
+    priority = 8
 
     override_action {
       none {}
     }
-
     statement {
       managed_rule_group_statement {
-        name        = "AWSManagedRulesAmazonIpReputationList"
+        name        = "AWSManagedRulesCommonRuleSet"
         vendor_name = "AWS"
+
+        rule_action_override {
+          action_to_use {
+            count {}
+          }
+
+          name = "NoUserAgent_HEADER"
+        }
+
+        rule_action_override {
+          action_to_use {
+            count {}
+          }
+
+          name = "SizeRestrictions_BODY"
+        }
       }
     }
 
     visibility_config {
       cloudwatch_metrics_enabled = true
-      metric_name                = var.waf_ip_reputation_list_rule_name
+      metric_name                = var.waf_aws_common_rule_name
       sampled_requests_enabled   = true
     }
   }