1 Answer
2
Hello.
This is a sample, but you can link AWS WAF's WebACL and AppRunner by doing the following.
"AWS::WAFv2::WebACLAssociation" is used to associate resources with WebACL.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html
```yaml
# Fragment of the template's Resources section.
# AllowAddresses and EcrRepoUri are template parameters, and RoleForAR is an
# IAM role resource; none of the three is shown in this fragment.

# Regional WebACL: blocks by default, allows only sources in the IP set.
WebACL:
  Type: AWS::WAFv2::WebACL
  Properties:
    Name: WebACL_AppRunner
    Scope: REGIONAL
    DefaultAction:
      Block: {}
    VisibilityConfig:
      SampledRequestsEnabled: true
      CloudWatchMetricsEnabled: true
      MetricName: WebACL_AppRunner
    Rules:
      -
        Name: rules-allow-ip
        Priority: 0
        Action:
          Allow: {}
        Statement:
          IPSetReferenceStatement:
            Arn: !GetAtt WAFIPSet.Arn
        VisibilityConfig:
          SampledRequestsEnabled: true
          CloudWatchMetricsEnabled: true
          MetricName: rules-allow-ip

# IP set referenced by the allow rule above.
WAFIPSet:
  Type: AWS::WAFv2::IPSet
  Properties:
    Name: IPAllowLists
    Scope: REGIONAL
    IPAddressVersion: IPV4
    Addresses: !Ref AllowAddresses

# App Runner service deployed from an ECR image.
ARforPl:
  Type: AWS::AppRunner::Service
  Properties:
    ServiceName: golang-container-app
    SourceConfiguration:
      AuthenticationConfiguration:
        AccessRoleArn: !GetAtt RoleForAR.Arn
      AutoDeploymentsEnabled: true
      ImageRepository:
        ImageIdentifier: !Ref EcrRepoUri
        ImageRepositoryType: ECR
        ImageConfiguration:
          Port: 80
    InstanceConfiguration:
      Cpu: 1 vCPU
      Memory: 2 GB

# Attaches the WebACL to the App Runner service.
WebACLAssociation:
  Type: AWS::WAFv2::WebACLAssociation
  Properties:
    WebACLArn: !GetAtt WebACL.Arn
    ResourceArn: !GetAtt ARforPl.ServiceArn
```
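
The template fragment in the answer above references two parameters (`AllowAddresses`, `EcrRepoUri`) and a role (`RoleForAR`) that it does not define. The following is an added example, not part of the original answer, showing one way those pieces could be declared; the parameter types, descriptions, the sample CIDR and the role definition are assumptions.

```yaml
# Added example: assumed definitions for the names the answer's fragment references.
Parameters:
  AllowAddresses:
    # Feeds WAFIPSet.Addresses, which takes a list of CIDR strings.
    # With the WebACL's DefaultAction set to Block, only these ranges
    # reach the App Runner service.
    Type: CommaDelimitedList
    Description: IPv4 CIDR ranges allowed through the WebACL
    Default: "203.0.113.0/24"   # constructed sample (documentation range)
  EcrRepoUri:
    # Feeds ImageRepository.ImageIdentifier.
    Type: String
    Description: ECR image URI including the tag

Resources:
  # Access role that App Runner assumes to pull the image from ECR.
  RoleForAR:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: build.apprunner.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess
```

The resources from the answer go under the same `Resources:` key as `RoleForAR`.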