WAFv2 Cfhighlander Component

WAFv2 is the latest version of the AWS WAF API, and with support now in CloudFormation we’ve released a cfhighlander component to make implementation in your cfhighlander project easy. The component supports both global (CloudFront) and regional (API Gateway, application load balancers) scopes, and ships with a default canned configuration which can be completely customised. Visit the component's GitHub repository for all the configuration options.

To implement it in your cfhighlander project, add the wafv2 component to your main cfhighlander.rb file and extract the WAFArn output to pass into the components you want to attach the WAF to.

Application LoadBalancer

CfhighlanderTemplate do

  Component name: 'wafv2', template: 'wafv2' do
    parameter name: 'Scope', value: 'REGIONAL'
  end

  Component name: 'alb', template: 'application-loadbalancer' do
    parameter name: 'WebACLArn', value: cfout('wafv2.WAFArn')
  end
end

CloudFront

CfhighlanderTemplate do

  Component name: 'wafv2', template: 'wafv2' do
    parameter name: 'Scope', value: 'GLOBAL'
  end

  Component name: 'cloudfront', template: 'cloudfront' do
    parameter name: 'WebACL', value: cfout('wafv2.WAFArn')
  end
end

The WAFArn output is also exported, so the wafv2 component can be deployed independently of your main infrastructure stack and consumed using Fn::ImportValue in your CloudFormation template or via FnImportValue in your cfhighlander project.
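
As an added example (not taken from the component's repository), a plain CloudFormation template that attaches an existing application load balancer to a web ACL exported by a separately deployed wafv2 stack. The parameter names and the resource name are assumptions, and the export name is passed in as a parameter because this page does not state it.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Attach an ALB to a WAFv2 web ACL exported by a separately deployed wafv2 stack (added example)

Parameters:
  # Assumption: the export name is not given on this page; read it from the
  # Exports list of the deployed wafv2 stack and pass it in here.
  WafArnExportName:
    Type: String
    Description: Name of the CloudFormation export carrying the wafv2 stack's WAFArn output
  # Hypothetical parameter: ARN of the load balancer to protect.
  LoadBalancerArn:
    Type: String
    Description: ARN of the application load balancer to associate with the web ACL

Resources:
  # Hypothetical resource name. The association is what actually puts the
  # load balancer behind the web ACL.
  AlbWebACLAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref LoadBalancerArn
      WebACLArn:
        # Long form so the export name can come from a parameter.
        Fn::ImportValue: !Ref WafArnExportName
```

CloudFormation exports are scoped to a single region, so the importing stack has to be deployed in the same region as the wafv2 stack. While the import exists, CloudFormation will not let the wafv2 stack delete or change that export, which guards against the web ACL being removed from under a protected resource.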


Source: https://github.com/theonestack/hl-component-wafv2