Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WAF ACL: no way to add association for existing CloudFront distribution #29850

Open
2 tasks
batrudinych opened this issue Apr 16, 2024 · 3 comments
Open
2 tasks

WAF ACL: no way to add association for existing CloudFront distribution #29850

batrudinych opened this issue Apr 16, 2024 · 3 comments
Labels
@aws-cdk/aws-waf Related to AWS Web Application Firewall effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@batrudinych
Copy link

Describe the feature

Add controls to either WAF V2 class or CloudFront Distribution class to be able to setup association for an existing CloudFront distribution. Currently only CloudFront distribution constructor accepts webAclId. There is no way to add webAclId if fromDistributionAttributes has been used to import existing distribution.

Use Case

There is an existing CloudFront distribution with a CNAME attached. A new separate CDK template is created with WAF web ACL. I want to establish an association between the ACL and an existing CloudFront distribution that's been imported into the current template via fromDistributionAttributes call.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.114.1

Environment details (OS name and version, etc.)

ManjaroLinux 23.1.4
@batrudinych batrudinych added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 16, 2024
@github-actions github-actions bot added the @aws-cdk/aws-waf Related to AWS Web Application Firewall label Apr 16, 2024
@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Apr 16, 2024
@khushail khushail self-assigned this Apr 16, 2024
@khushail
Copy link
Contributor

Hi @batrudinych , thanks for reaching out. Have you checked this Construct prop -which might be helpful in your case ?

@khushail khushail added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Apr 16, 2024
@batrudinych
Copy link
Author

hey @khushail, as i stated in the description, the webAclId construct prop is helpful in case i'm creating a distribution. However, in the described use case the distribution already exists. WAF is being added on a later stage. In that case construct prop can't be used because Distribution object is not created via constructor, it's imported via fromDistributionAttributes. Does it make sense?

@khushail
Copy link
Contributor

@batrudinych that perfectly makes sense. I see this method has limitation, so marking this request as appropriate.

@khushail khushail added p2 effort/small Small work item – less than a day of effort and removed response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels Apr 16, 2024
@khushail khushail removed their assignment Apr 16, 2024
This was referenced Apr 22, 2024
Closed
Closed
@github-actions github-actions bot mentioned this issue May 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-waf Related to AWS Web Application Firewall effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@batrudinych @khushail