Closed seanyu4296 closed 4 years ago
Isn’t this the purpose of the AWS::WAFRegional::WebACLAssociation
resource? Its ResourceArn
property can accept the ARN of an API Gateway Stage.
Thanks @chrisoverzero tried it today it seems to work, but i noticed cloudformation does not count it as a stack drift when I disassociate my aws resource (api-gateway) to a specific web acl. Do you have any suggestion or solution to this?
Unfortunately, that’s not on the list of drift-detectable resources yet.
Okay got it! Is there a timeline of it getting in the list? @chrisoverzero
I'm sorry, I have no idea. I'm not affiliated with Amazon -- I'm just a rando who has experience using Web ACLs.
Closing this since I think this feature can be done through AWS::WAFRegional::WebACLAssociation
New Attribute
AWS::ApiGateway::Stage-WebApplicationFirewall to set web application firewall using web ACL in api gateway.
Related issue in aws-cdk