

Allow optionally using the waf_web_acl_arn to associate an AWS WAF wi…
…th the cloudfront distribution.
RoyceMcQuoid committed Jul 10, 2024
1 parent d348e60 commit 05f408d
Showing 2 changed files with 7 additions and 0 deletions.
2 changes: 2 additions & 0 deletions cf.tf
Expand Up @@ -9,6 +9,8 @@ resource "aws_cloudfront_distribution" "web_distro" {
default_root_object = var.default_root_object
aliases = var.origins

web_acl_id = var.waf_web_acl_arn

origin {
domain_name = aws_s3_bucket.web.bucket_regional_domain_name
origin_id = var.s3_origin_id
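Review bot: `web_acl_id = var.waf_web_acl_arn` is always set, and because the variable added in variables.tf defaults to `""`, a caller who omits it gets a distribution with no web ACL and nothing in the plan says so. Mapping the unset case to null keeps the argument out of the configuration when no ACL is supplied: `web_acl_id = var.waf_web_acl_arn != "" ? var.waf_web_acl_arn : null`. The attribute name says "id" while the variable carries an ARN, so a comment above the line would prevent a wrong value being passed: `# WAFv2: pass the web ACL ARN (scope CLOUDFRONT, created in us-east-1); WAF Classic expects the ACL ID instead`. The resource block starts and ends outside the hunk.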
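--- a/variables.tf
+++ b/variables.tf
@@ -132,3 +132,8 @@ variable "allow_destroy_s3" {
 type = bool
 default = false
 }
+
+variable "waf_web_acl_arn" {
+description = "The ARN of the WAF Web ACL to associate with the cloudfront distribution. If you want to associate a WAF with the distribution you must provide this value. Do not use an AssociateWebACL"
+default = ""
+}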
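Review bot: The new `waf_web_acl_arn` variable declares no `type` and has no `validation`, so a regional web ACL ARN or a WAF Classic ID is accepted at plan time and only fails, or silently attaches nothing, at apply. Adding `type = string` plus a `validation` block that accepts the empty default or a value containing `:wafv2:us-east-1:` and `:global/webacl/` would catch a wrong-scope ACL before it reaches CloudFront. The description's closing sentence, "Do not use an AssociateWebACL", reads as cut off. It presumably means the association must be made through the distribution and not through a separate web ACL association resource, and should say so in full.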
