Some organisations might want to configure a WAF externally to this module, and pass in the ARN from the WAF ACL, this PR allows the ability for a custom_waf_acl_arn to be passed to this module, when it is passed and not null, it will not create the WAF resource, and will assign the custom_waf_acl_arn to Cloudfront instead of the created resource.
If the passed custom_waf_acl_arn variable is null, it will still create the WAF resource for security best practices.
Context
Specifc to the way we do things at Gymshark, we have a set of WAF rules we have setup for our web applications, configuring and maintaining our own WAF is more beneficial than a generic WAF setup. We need the ability to pass this already created WAF ARN to this new Next.js Cloudfront distro so we can maintain our own security requirements.
Type of changes
[ ] Refactoring (non-breaking change)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would change existing functionality)
[ ] Bug fix (non-breaking change which fixes an issue)
[ ] This PR is a result of pair or mob programming
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.
[x] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.
Description
Some organisations might want to configure a WAF externally to this module, and pass in the ARN from the WAF ACL, this PR allows the ability for a
custom_waf_acl_arn
to be passed to this module, when it is passed and not null, it will not create the WAF resource, and will assign thecustom_waf_acl_arn
to Cloudfront instead of the created resource.If the passed
custom_waf_acl_arn
variable is null, it will still create the WAF resource for security best practices.Context
Specifc to the way we do things at Gymshark, we have a set of WAF rules we have setup for our web applications, configuring and maintaining our own WAF is more beneficial than a generic WAF setup. We need the ability to pass this already created WAF ARN to this new Next.js Cloudfront distro so we can maintain our own security requirements.
Type of changes
Checklist
Sensitive Information Declaration
To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.