search

mikesouza / serverless-associate-waf

Associate a regional WAF with the AWS API Gateway used by your Serverless stack.
MIT License
28 stars 17 forks source link

[Feature Request] Support associating WAF by WAF Web ACL ID #22

Closed iDVB closed 4 years ago

iDVB commented 4 years ago 
custom:
  associateWaf:
    name: { Fn::ImportValue: "dev-wafacl" }

which in in CFN nets out to the resource name eg... 1234a1a-a1b1-12a1-abcd-a123b123456

mikesouza commented 4 years ago

You are using the plugin incorrectly.

The README states that custom.associateWaf.name:

The name of the regional WAF to associate the API Gateway with

You are NOT providing the name. You are providing the unique CFN resource ID which ends up resolving to the Web ACL ID, which is a uniquely generated ID.

Provide the name of the Web ACL. Login to your AWS Console, go to WAF Classic, find the name of the Web ACL in the Name column. Use that. The whole point of this plugin is so you don't have to care about the generated unique ID and import it. The plugin looks up this unique ID for you.

iDVB commented 4 years ago

Thanks for being so kind in your reply. In fact I did read the readme. It’s just confusing as CFN calls that id the “resource name”

“Ref returns the resource name, such as 1234a” https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-webacl.html

Also, I’m not sure it’s as apparent as you suggest that this is precisely what the plugin was designed for. The primary use case from what I can see is to have it edit the existing APIG resource, updating it with the provided WAF. Something less easily done without a plugin.

Having said that, I’d like to make a feature request that you could supply the WAF resource name or the console name and have it added either way. I prefer not to name my resources and instead refer to them with refs and importvalue.

mikesouza commented 4 years ago

You are free to submit a PR with this feature implemented and I will gladly review and merge, or you may fork this plugin. I do not have the time nor desire to implement such use case, as this plugin fits the current use cases of our hybrid AWS infrastructure automation, which does not provision our WAF via CFN.

iDVB commented 4 years ago

Sure thing, let me just go read your contrib docs to find out how you would like that done. Buddy. Relax. You’ll live longer.

mikesouza commented 4 years ago

Just use common sense and general contribution best practices. Good luck.

On Fri, Mar 6, 2020 at 8:32 PM Dan Van Brunt notifications@github.com wrote:

Sure thing, let me just go read your contrib docs to find out how you would like that done. Buddy. Relax. You’ll live longer.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/MikeSouza/serverless-associate-waf/issues/22?email_source=notifications&email_token=AAHYLNDZAPW33BWZPOORWU3RGGPZZA5CNFSM4LDDQHTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEODK42I#issuecomment-596029033, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAHYLNEDL4NM45RBTRCMEE3RGGPZZANCNFSM4LDDQHTA .