Closed ghost closed 4 years ago
Thanks for the example!
An unfortunate truth is that we don't have time to spend on WAF right now, and even though it might sound that any example is better than no example, we also cannot readily accept your code for multiple reasons:
I would heartily recommend that you get this content out there and publish this content under your own name to your own platforms: maybe to a blog, maybe to a GitHub repository or a Gist. But we can't accept it into the upstream repository or docs, however silly that may sound.
Cheers!
thanks to @Syy0n
This really saved me a ton of time. I spent 6 hrs wasting on this issue. Thanks again for this one.
I really feel AWS has poor examples on WAF - APIGW association and for some reason
This works
```ts
const arn = `arn:aws:apigateway:${region}::/restapis/${this.appGateway.restApiId}/stages/${this.appAPIGateway.deploymentStage.stageName}`;
console.log(arn);
new wafv2.CfnWebACLAssociation(this, "WebAclAssociation", {
  webAclArn: props.regionalACLARN,
  resourceArn: arn,
});
```
This did not work
```ts
new wafv2.CfnWebACLAssociation(this, 'WebAclAssociation', {
  webAclArn: props.regionalACLARN,
  resourceArn: `arn:aws:apigateway:${region}::/restapis/${this.appGateway.restApiId}/stages/${this.appAPIGateway.deploymentStage.stageName}`
})
```
I second adding non-L1 constructs and examples for WAFv2.
And for those of you who use Python, I made an example here:
https://raw.githubusercontent.com/NickTheSecurityDude/alb-asg-waf-cdk/main/stacks/wafv2_stack.py
Yeah having some sort of example code would be very helpful
I wasted hours figuring out how to connect wafv2 rules to an API gateway via Python CDK. Example below for future developers.
```python
# relevant imports
from aws_cdk import aws_apigateway as gateway
from aws_cdk import aws_wafv2 as waf2

api = gateway.LambdaRestApi(
    # configuration
)

webACL = waf2.CfnWebACL(
    # configuration
)

waf2.CfnWebACLAssociation(
    self,  # or other applicable scope
    "foo",  # identifier string of your choice
    web_acl_arn=webACL.attr_arn,
    resource_arn=f"arn:aws:apigateway:{api.env.region}::/restapis/{api.rest_api_id}/stages/{api.deployment_stage.stage_name}"
)
```
@DC4JG thanks for posting that! Any chance you'd like to submit an example to the aws-samples/aws-cdk-examples repository?
@skinny85 sure, if I find the time for it I'll gladly share my knowledge in some cleaned up examples and snippets.
This is just perfect, this post needs to be more known as AWS doesn't have any examples at all of Wafv2 in aws-cdk
How is this supposed to work with API GW V2 (HTTP API) and also CloudFront distribution?
I've tried to create the WAF in both cases and neither worked.
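An added example, not part of any post in this thread: a small Python check of the literal `resource_arn` handed to `CfnWebACLAssociation`. It accepts the REST API stage ARN format used in the posts above and rejects API Gateway HTTP API ARNs (not a resource type AWS WAF can be associated with) and CloudFront ARNs (the web ACL is set on the distribution itself, using a CLOUDFRONT-scope ACL, not through an association). The function name and sample ARNs are constructed for illustration.

```python
import re
from typing import Tuple

# REST API stage ARN format used in the thread:
#   arn:aws:apigateway:{region}::/restapis/{api_id}/stages/{stage_name}
REST_STAGE = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):apigateway:(?P<region>[a-z]{2}(-[a-z]+)+-\d)::"
    r"/restapis/(?P<api_id>[a-z0-9]+)/stages/(?P<stage>[A-Za-z0-9_-]+)$"
)

def check_association_target(resource_arn: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a literal ARN (hypothetical helper, not a CDK API)."""
    if "${" in resource_arn:
        # An unexpanded template literal or an unresolved CDK token.
        return False, "ARN contains an unresolved placeholder"
    parts = resource_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return False, "not an ARN"
    service, resource = parts[2], parts[5]
    if service == "cloudfront":
        return False, "CloudFront: set the web ACL on the distribution (scope CLOUDFRONT)"
    if service == "apigateway" and resource.startswith("/apis/"):
        return False, "API Gateway v2 (HTTP API) cannot be associated with a web ACL"
    match = REST_STAGE.match(resource_arn)
    if match is None:
        return False, "expected arn:aws:apigateway:{region}::/restapis/{id}/stages/{stage}"
    return True, "REST API {api_id}, stage {stage}, region {region}".format(**match.groupdict())

# Constructed sample ARNs (IDs and account number are made up).
SAMPLES = [
    "arn:aws:apigateway:eu-west-1::/restapis/a1b2c3d4e5/stages/prod",
    "arn:aws:apigateway:eu-west-1::/apis/a1b2c3d4e5/stages/prod",
    "arn:aws:apigateway:eu-west-1:123456789012:/restapis/a1b2c3d4e5/stages/prod",
    "arn:aws:cloudfront::123456789012:distribution/EXAMPLEDISTID",
]

if __name__ == "__main__":
    for arn in SAMPLES:
        ok, reason = check_association_target(arn)
        print("OK  " if ok else "FAIL", arn, "->", reason)
```

Run it against the ARN printed by `console.log(arn)` or taken from the synthesized template, since inside CDK code the string still holds unresolved tokens.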
Hey guys, there is a lack of documentation regarding Waf - see #7925. But I could create a working example with api-gateway. Maybe you wanna add it to your docs?