diff --git a/roles/aws/acl/defaults/main.yml b/roles/aws/aws_acl/defaults/main.yml
similarity index 98%
rename from roles/aws/acl/defaults/main.yml
rename to roles/aws/aws_acl/defaults/main.yml
index c1c2e0c3a..8845df2d6 100644
--- a/roles/aws/acl/defaults/main.yml
+++ b/roles/aws/aws_acl/defaults/main.yml
@@ -1,6 +1,6 @@
 ---
 rate_limit: 200
-acl:
+aws_acl:
 name: "dummy_master_acl"
 scope: "CLOUDFRONT" # Can be "REGIONAL" for ALBs
 region: "us-east-1" # If scope is set to CLOUDFRONT, region must be us-east-1, even though docs say it will be skipped
diff --git a/roles/aws/acl/tasks/main.yml b/roles/aws/aws_acl/tasks/main.yml
similarity index 67%
rename from roles/aws/acl/tasks/main.yml
rename to roles/aws/aws_acl/tasks/main.yml
index 8bf6efb80..43ca97338 100644
--- a/roles/aws/acl/tasks/main.yml
+++ b/roles/aws/aws_acl/tasks/main.yml
@@ -1,25 +1,25 @@
 - name: Define dict for rules
 ansible.builtin.set_fact:
- acl_rules: []
+ _acl_rules: []
 
 - name: Set IP block rule
- when: acl.ip_block is defined
+ when: aws_acl.ip_block is defined
 block:
 - name: Create IP block set for WAF
 community.aws.wafv2_ip_set:
- name: "{{ acl.ip_block.name }}"
+ name: "{{ aws_acl.ip_block.name }}"
 state: present
 description: Set of blocked IPs
- scope: "{{ acl.scope }}"
- region: "{{ acl.region }}"
+ scope: "{{ aws_acl.scope }}"
+ region: "{{ aws_acl.region }}"
 ip_address_version: IPV4
- addresses: "{{ acl.ip_block.list }}"
- register: ip_set_info
+ addresses: "{{ aws_acl.ip_block.list }}"
+ register: _ip_set_info
 
 - name: Create IP block rule
 ansible.builtin.set_fact:
 ip_block_rule:
- - name: "{{ acl.ip_block.name }}"
+ - name: "{{ aws_acl.ip_block.name }}"
 priority: 0
 action:
 block: {}
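Review bot: The underscore prefix adopted for role-internal facts in this hunk (`_acl_rules`, `_ip_set_info`) is not applied to `ip_block_rule`, which is set via `set_fact` in the same scope two tasks later, nor to `ip_allow_rule` and `cc_block_rule` in the following hunks; `set_fact` variables persist for the rest of the play across role boundaries, so a play-level variable of the same name would be clobbered, and the rename should be completed, e.g. `ip_block_rule:` → `_ip_block_rule:` and `_acl_rules: "{{ _acl_rules + _ip_block_rule }}"`. Separately, `_ip_set_info` is registered by both the IP block task here and the IP allow task in the next hunk; each block consumes it immediately so this works, but per-set names such as `_ip_block_set_info` and `_ip_allow_set_info` would make the later `arn` references unambiguous.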
@@ -29,30 +29,30 @@
 metric_name: Block_IPs
 statement:
 ip_set_reference_statement:
- arn: "{{ ip_set_info.arn }}"
+ arn: "{{ _ip_set_info.arn }}"
 
 - name: Add rule to list
 ansible.builtin.set_fact:
- acl_rules: "{{ acl_rules + ip_block_rule }}"
+ _acl_rules: "{{ _acl_rules + ip_block_rule }}"
 
 - name: Set IP allow rule
- when: acl.ip_allow is defined
+ when: aws_acl.ip_allow is defined
 block:
 - name: Create IP allow set for WAF
 community.aws.wafv2_ip_set:
- name: "{{ acl.ip_allow.name }}"
+ name: "{{ aws_acl.ip_allow.name }}"
 state: present
 description: Set of allowed IPs
- scope: "{{ acl.scope }}"
- region: "{{ acl.region }}"
+ scope: "{{ aws_acl.scope }}"
+ region: "{{ aws_acl.region }}"
 ip_address_version: IPV4
- addresses: "{{ acl.ip_allow.list }}"
- register: ip_set_info
+ addresses: "{{ aws_acl.ip_allow.list }}"
+ register: _ip_set_info
 
 - name: Create IP allow rule
 ansible.builtin.set_fact:
 ip_allow_rule:
- - name: "{{ acl.ip_allow.name }}"
+ - name: "{{ aws_acl.ip_allow.name }}"
 priority: 1
 action:
 allow: {}
@@ -62,14 +62,14 @@
 metric_name: Allow_IPs
 statement:
 ip_set_reference_statement:
- arn: "{{ ip_set_info.arn }}"
+ arn: "{{ _ip_set_info.arn }}"
 
 - name: Add rule to list
 ansible.builtin.set_fact:
- acl_rules: "{{ acl_rules + ip_allow_rule }}"
+ _acl_rules: "{{ _acl_rules + ip_allow_rule }}"
 
 - name: Set country block rule
- when: acl.cc_block_list is defined
+ when: aws_acl.cc_block_list is defined
 block:
 - name: Create country block rule
 ansible.builtin.set_fact:
@@ -84,11 +84,11 @@
 metric_name: block_countries
 statement:
 geo_match_statement: # Can't find the actual name, I got this from aws rule JSON formated
- country_codes: "{{ acl.cc_block_list }}"
+ country_codes: "{{ aws_acl.cc_block_list }}"
 
 - name: Add rule to list
 ansible.builtin.set_fact:
- acl_rules: "{{ acl_rules + cc_block_rule }}"
+ _acl_rules: "{{ _acl_rules + cc_block_rule }}"
 
 # Workaround for rate limit rule in ACL (any variable gets interpreted as string instead of int)
 - name: Set rate limit variable
@@ -112,22 +112,31 @@
 
 - name: Add rule to list
 ansible.builtin.set_fact:
- acl_rules: "{{ acl_rules + rate_rule}}"
+ _acl_rules: "{{ _acl_rules + rate_rule}}"
 
 - name: Create web acl
 community.aws.wafv2_web_acl:
- name: "{{ acl.name }}" # Member must satisfy regular expression pattern: ^[\\w\\-]+$
+ name: "{{ aws_acl.name }}" # Member must satisfy regular expression pattern: ^[\\w\\-]+$
 description: "WAF protecting the {{ _domain_name }}"
- scope: "{{ acl.scope }}"
- region: "{{ acl.region }}"
+ scope: "{{ aws_acl.scope }}"
+ region: "{{ aws_acl.region }}"
 default_action: Allow # or "Block"
 sampled_requests: false
 cloudwatch_metrics: true # or "false" to disable metrics
 metric_name: test-metric-name # not sure about this name, since each rule also has it's own metrics name (maybe log group name)
- rules: "{{ acl_rules }}"
+ rules: "{{ _acl_rules }}"
 purge_rules: true
 # tags:
 # A: B
 # C: D
 state: present
- register: created_acl
\ No newline at end of file
+ register: _created_acl
+
+- name: Add WAF to ALB
+ community.aws.wafv2_resources:
+ name: "{{ aws_acl.name }}"
+ scope: REGIONAL
+ state: present
+ region: "{{ aws_acl.region }}"
+ arn: "{{ _aws_ec2_elb.load_balancer_arn }}"
+ when: _aws_ec2_elb is defined
diff --git a/roles/aws/aws_cloudfront_distribution/tasks/main.yml b/roles/aws/aws_cloudfront_distribution/tasks/main.yml
index fa1fb91c3..49b0ea331 100644
--- a/roles/aws/aws_cloudfront_distribution/tasks/main.yml
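Review bot: The new `Add WAF to ALB` task is gated only on `_aws_ec2_elb is defined`, but in roles/aws/aws_elb/tasks/main.yml the task that registers `_aws_ec2_elb` runs only `when: aws_elb.elb_type == "alb"`; a skipped task still registers its variable (with `skipped: true` and no module return values), so for a non-ALB load balancer the condition holds and `"{{ _aws_ec2_elb.load_balancer_arn }}"` fails on an undefined attribute. Gating on the field itself, `when: _aws_ec2_elb.load_balancer_arn is defined`, covers both the undefined and the skipped case. The task also hard-codes `scope: REGIONAL` while the ACL above is created with `scope: "{{ aws_acl.scope }}"`; if this role is included from the CloudFront path in a play where `_aws_ec2_elb` is already set, the association would try to resolve a REGIONAL ACL named `aws_acl.name` that this role never created, so adding `aws_acl.scope == 'REGIONAL'` to the condition keeps the two calls consistent. `region: "{{ aws_acl.region }}"` presumably only works when the ALB lives in that same region, since the ARN is region-bound; sourcing it from the ELB variables may be more robust.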
+++ b/roles/aws/aws_cloudfront_distribution/tasks/main.yml
@@ -1,8 +1,10 @@
 ---
 - name: Create web acl if defined
 ansible.builtin.include_role:
- name: aws/acl
- when: acl is defined
+ name: aws/aws_acl
+ when:
+ - aws_acl is defined
+ - aws_acl.scope == 'CLOUDFRONT'
 
 - name: Create a CloudFront distribution.
 community.aws.cloudfront_distribution:
@@ -12,7 +14,7 @@
 state: "{{ aws_cloudfront_distribution.state }}"
 aliases: "{{ aws_cloudfront_distribution.aliases }}"
 origins: "{{ aws_cloudfront_distribution.origins }}"
- web_acl_id: "{{ created_acl.arn | default(omit) }}"
+ web_acl_id: "{{ _created_acl.arn | default(omit) }}"
 default_cache_behavior: "{{ aws_cloudfront_distribution.default_cache_behavior }}"
 cache_behaviors: "{{ aws_cloudfront_distribution.cache_behaviors }}"
 validate_certs: "{{ aws_cloudfront_distribution.validate_certs }}"
diff --git a/roles/aws/aws_elb/tasks/main.yml b/roles/aws/aws_elb/tasks/main.yml
index a47f372ad..0e3408645 100644
--- a/roles/aws/aws_elb/tasks/main.yml
+++ b/roles/aws/aws_elb/tasks/main.yml
@@ -135,6 +135,13 @@
 register: _aws_ec2_elb
 when: aws_elb.elb_type == "alb"
 
+- name: Create web acl if defined
+ ansible.builtin.include_role:
+ name: aws/aws_acl
+ when:
+ - aws_acl is defined
+ - aws_acl.scope == 'REGIONAL'
+
 - name: Get ALB listener ARN for port 443.
 ansible.builtin.set_fact:
 _aws_ec2_elb_listener_ARN: "{{ item.listener_arn }}"
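Review bot: The new condition `aws_acl.scope == 'CLOUDFRONT'` is evaluated on the caller's `aws_acl` before the role's defaults are in scope, and a caller-supplied `aws_acl` mapping replaces the role default from roles/aws/aws_acl/defaults/main.yml rather than merging with it, so an inventory that sets `aws_acl` without a `scope` key now fails the `when` with an undefined attribute instead of getting the documented CLOUDFRONT default; `- aws_acl.scope | default('CLOUDFRONT') == 'CLOUDFRONT'` preserves that default. The same applies to the `'REGIONAL'` comparison in the roles/aws/aws_elb/tasks/main.yml hunk below, where the defaulted value would make that branch evaluate to false, which is the intended fallback. A short comment on the include task, such as `# scope decides which consumer attaches the ACL: CLOUDFRONT -> web_acl_id here, REGIONAL -> ALB association in aws_elb`, would also make the split between the two includes easier to follow.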