Resource: awsWafv2WebAclAssociation
Creates a WAFv2 Web ACL Association.
\~> NOTE on associating a WAFv2 Web ACL with a Cloudfront distribution: Do not use this resource to associate a WAFv2 Web ACL with a Cloudfront Distribution. The AWS API call backing this resource notes that you should use the webAclId
property on the cloudfrontDistribution
instead.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsApiGatewayRestApiExample = new aws.apiGatewayRestApi.ApiGatewayRestApi(
this,
"example",
{
body: '${jsonencode({\n openapi = "3.0.1"\n info = {\n title = "example"\n version = "1.0"\n }\n paths = {\n "/path1" = {\n get = {\n x-amazon-apigateway-integration = {\n httpMethod = "GET"\n payloadFormatVersion = "1.0"\n type = "HTTP_PROXY"\n uri = "https://ip-ranges.amazonaws.com/ip-ranges.json"\n }\n }\n }\n }\n })}',
name: "example",
}
);
const awsWafv2WebAclExample = new aws.wafv2WebAcl.Wafv2WebAcl(
this,
"example_1",
{
defaultAction: {
allow: {},
},
name: "web-acl-association-example",
scope: "REGIONAL",
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-metric-name",
sampledRequestsEnabled: false,
},
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsWafv2WebAclExample.overrideLogicalId("example");
const awsApiGatewayDeploymentExample =
new aws.apiGatewayDeployment.ApiGatewayDeployment(this, "example_2", {
restApiId: awsApiGatewayRestApiExample.id,
triggers: {
redeployment: `\${sha1(jsonencode(${awsApiGatewayRestApiExample.body}))}`,
},
});
awsApiGatewayDeploymentExample.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayDeploymentExample.overrideLogicalId("example");
const awsApiGatewayStageExample = new aws.apiGatewayStage.ApiGatewayStage(
this,
"example_3",
{
deploymentId: awsApiGatewayDeploymentExample.id,
restApiId: awsApiGatewayRestApiExample.id,
stageName: "example",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayStageExample.overrideLogicalId("example");
const awsWafv2WebAclAssociationExample =
new aws.wafv2WebAclAssociation.Wafv2WebAclAssociation(this, "example_4", {
resourceArn: awsApiGatewayStageExample.arn,
webAclArn: awsWafv2WebAclExample.arn,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsWafv2WebAclAssociationExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
resourceArn
- (Required) The Amazon Resource Name (ARN) of the resource to associate with the web ACL. This must be an ARN of an Application Load Balancer, an Amazon API Gateway stage, or an Amazon Cognito User Pool.webAclArn
- (Required) The Amazon Resource Name (ARN) of the Web ACL that you want to associate with the resource.
Attributes Reference
No additional attributes are exported.
Timeouts
create
- (Default5M
)
Import
WAFv2 Web ACL Association can be imported using WEB_ACL_ARN,RESOURCE_ARN
e.g.,