opennextjs / opennextjs-aws

Open-source Next.js adapter for AWS
https://opennext.js.org
MIT License

Associate WAF ACL #534

Closed luisiturrios1 closed 2 weeks ago

luisiturrios1 commented 3 weeks ago

I'm currently using the OpenNext AWS setup for my project, and I'd like to add an AWS WAF ACL to my CloudFront distribution to enhance security. However, I couldn't find any documentation or clear guidance on how to associate an existing WAF ACL with the CloudFront distribution in the current OpenNext setup.

sommeeeer commented 3 weeks ago

This is more of an SST question than an open-next one.

If you are using sstv2, you need to create it using aws-cdk-lib, then pass it through to cdk.distribution.webAclId on the NextjsSite construct.

If you are using ion, you need to use Pulumi's aws.wafv2.WebAcl, and then use transform on sst.aws.Nextjs.

luisiturrios1 commented 2 weeks ago

Thanks a lot for your response. This works for me:

new sst.aws.Nextjs("MyApp", {
  transform: {
    cdn: {
      transform: {
        distribution: {
          webAclId: "arn:aws:wafv2:us-east-1:XXXXXXXXXXXX.....",
        },
      },
    },
  },
});
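
A pre-deploy guard for the value passed as webAclId in the transform above, as an added example that is not code from the thread or from SST. It assumes a WAFv2 web ACL, which CloudFront accepts only with CLOUDFRONT scope (ARN scope segment `global`, region us-east-1); the names `checkCloudFrontWebAclArn` and `nextjsWafTransform` are hypothetical.

```typescript
// Added example (not from the thread or from SST): validate the WAFv2 web ACL
// ARN before handing it to the distribution transform.
// Assumption: CloudFront only accepts WAFv2 web ACLs with CLOUDFRONT scope,
// whose ARN reads arn:aws:wafv2:us-east-1:<account>:global/webacl/<name>/<id>.

interface AclCheck {
  ok: boolean;
  reason: string; // empty when ok
}

// service, region and scope are captured; account, name and id are only shape-checked.
const WEB_ACL_ARN =
  /^arn:aws:([a-z0-9-]+):([a-z0-9-]*):\d{12}:([a-z]+)\/webacl\/[\w-]{1,128}\/[0-9a-f-]{36}$/;

function checkCloudFrontWebAclArn(value: string): AclCheck {
  if (!value.startsWith("arn:")) {
    return { ok: false, reason: "not an ARN; a WAFv2 web ACL is referenced by its full ARN" };
  }
  const m = WEB_ACL_ARN.exec(value);
  if (m === null) {
    return { ok: false, reason: "incomplete or malformed web ACL ARN" };
  }
  const [, service, region, scope] = m;
  if (service !== "wafv2") {
    return { ok: false, reason: `service is ${service}, expected wafv2` };
  }
  if (scope !== "global") {
    return { ok: false, reason: `scope is ${scope}; a REGIONAL web ACL cannot protect CloudFront` };
  }
  if (region !== "us-east-1") {
    return { ok: false, reason: `region is ${region}; CLOUDFRONT-scope web ACLs live in us-east-1` };
  }
  return { ok: true, reason: "" };
}

// Builds the `transform` value used in the thread:
//   new sst.aws.Nextjs("MyApp", { transform: nextjsWafTransform(arn) })
function nextjsWafTransform(webAclArn: string) {
  const check = checkCloudFrontWebAclArn(webAclArn);
  if (!check.ok) {
    throw new Error(`webAclId rejected: ${check.reason}`);
  }
  return { cdn: { transform: { distribution: { webAclId: webAclArn } } } };
}
```

Failing at config time gives a readable reason instead of a CloudFront error in the middle of a deploy.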