aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

AWS::ApiGateway::Stage-WebApplicationFirewall #244

Closed seanyu4296 closed 4 years ago

seanyu4296 commented 4 years ago

New Attribute

AWS::ApiGateway::Stage-WebApplicationFirewall to set a web application firewall using a web ACL in API Gateway.

Related issue in aws-cdk


seanyu4296 commented 4 years ago

https://github.com/aws/aws-cdk/issues/3582

chrisoverzero commented 4 years ago

Isn’t this the purpose of the AWS::WAFRegional::WebACLAssociation resource? Its ResourceArn property can accept the ARN of an API Gateway Stage.

seanyu4296 commented 4 years ago

Thanks @chrisoverzero, I tried it today and it seems to work, but I noticed CloudFormation does not count it as stack drift when I disassociate my AWS resource (api-gateway) from a specific web ACL. Do you have any suggestion or solution to this?

chrisoverzero commented 4 years ago

Unfortunately, that’s not on the list of drift-detectable resources yet.

seanyu4296 commented 4 years ago

Okay got it! Is there a timeline of it getting in the list? @chrisoverzero

chrisoverzero commented 4 years ago

I'm sorry, I have no idea. I'm not affiliated with Amazon -- I'm just a rando who has experience using Web ACLs.

seanyu4296 commented 4 years ago

Closing this since I think this feature can be done through AWS::WAFRegional::WebACLAssociation
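
The association discussed in this thread, written out as a CloudFormation template. This is an added example, not code posted by any participant or taken from the project; the parameter names, logical IDs, and the `api-stage-acl` / `ApiStageAcl` names are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Attach a WAF Regional web ACL to an API Gateway stage (illustrative example)

Parameters:
  # Assumption: the REST API and a deployment of it already exist.
  RestApiId:
    Type: String
    Description: ID of the existing REST API
  DeploymentId:
    Type: String
    Description: ID of the deployment the stage should point at
  StageName:
    Type: String
    Default: prod

Resources:
  ApiStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref RestApiId
      DeploymentId: !Ref DeploymentId
      StageName: !Ref StageName

  ApiWebAcl:
    Type: AWS::WAFRegional::WebACL
    Properties:
      Name: api-stage-acl        # hypothetical name
      MetricName: ApiStageAcl    # alphanumeric only
      DefaultAction:
        Type: ALLOW
      # Rules are left out here; add them to make the ACL enforce anything.

  ApiWebAclAssociation:
    Type: AWS::WAFRegional::WebACLAssociation
    Properties:
      # Stage ARN format: arn:<partition>:apigateway:<region>::/restapis/<api-id>/stages/<stage-name>
      # ${ApiStage} resolves to the stage name and makes the association
      # wait until the stage has been created.
      ResourceArn: !Sub "arn:${AWS::Partition}:apigateway:${AWS::Region}::/restapis/${RestApiId}/stages/${ApiStage}"
      WebACLId: !Ref ApiWebAcl
```

As noted in the thread, this association was not drift-detectable at the time, so a stage disassociated outside CloudFormation would not be reported as drift and has to be checked separately.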