Ability for user to enable the AWS WAF web ACL

[hnishar]

Provide the user an option to enable the AWS WAF web ACL on the following patterns:

• All apigateway related patterns e.g. aws-apigateway-lambda
• All cloudfront related patterns e.g. aws-cloudfront-apigateway-lambda

Use Case

AWS WAF provides an additional layer of protection to your web application. This feature will make it easy for user to enable AWS WAF web ACL for apigateway and cloudfront based patterns. These patterns will have an optional input parameter for user to provide the WAF web ACL that will be associated with the pattern created apigateway or cloudfront end point.

Proposed Solution

Add new optional input parameter (construct props) to accept the user provided WAF Web ACL for the following patterns:

• aws-apigateway-lambda
• aws-apigateway-dynamodb
• aws-apigateway-sqs
• aws-cloudfront-apigateway
• aws-cloudfront-apigateway-lambda
• aws-cloudfront-s3
• aws-cognito-apigateway-lambda

Other

• [ ] :wave: I may be able to implement this feature request
• [ ] :warning: This feature might incur a breaking change

---

This is a :rocket: Feature Request

[Jacco]

While browsing for something to work on I found this issue. I doubt if this needs to be implemented because constructing this can be easily accomplished creating:

aws-wafwebacl-apigateway aws-wafwebacl-cloudfront

and then combining with the

aws-apigateway-lambda aws-apigateway-dynamodb aws-apigateway-sqs aws-cloudfront-apigateway aws-cloudfront-apigateway-lambda aws-cloudfront-s3 aws-cognito-apigateway-lambda

Is my assumption correct?

[biffgaut]

Sorry - missed your comment last year. Yes, the aws-wafwebacl-* constructs provide the functionality requested in this issue. We should have closed this issue when we released those, but will do so now.