AWS WAF for App Runner

1

Hi,

I came across this announcement for WAF support in App Runner, and it mentions that this feature is available through the App Runner console, AWS CLI, and CloudFormation.

I can see this feature when I go to my App Runner service configuration, however, I'm deploying this through CloudFormation at the moment, planning on switching to Terraform later on, and neither the CloudFormation docs nor the Terraform docs seem to explain how to associate a WAF.

Does someone know how to get this set up with CloudFormation?

1 réponse
2
Réponse acceptée

Hello.

This is a sample, but you can link AWS WAF's WebACL and AppRunner by doing the following.
"AWS::WAFv2::WebACLAssociation" is used to associate resources with WebACL.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html

  WebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: WebACL_AppRunner
      Scope: REGIONAL
      DefaultAction:
        Block: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: WebACL_AppRunner
      Rules:
        -
          Name: rules-allow-ip
          Priority: 0
          Action:
            Allow: {}
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt WAFIPSet.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rules-allow-ip

  WAFIPSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: IPAllowLists
      Scope: REGIONAL
      IPAddressVersion: IPV4
      Addresses: !Ref AllowAddresses

  ARforPl:
    Type: AWS::AppRunner::Service
    Properties:
      ServiceName: golang-container-app
      SourceConfiguration:
        AuthenticationConfiguration:
          AccessRoleArn: !GetAtt RoleForAR.Arn
        AutoDeploymentsEnabled: true
        ImageRepository:
          ImageIdentifier: !Ref EcrRepoUri
          ImageRepositoryType: ECR
          ImageConfiguration:
            Port: 80
      InstanceConfiguration:
        Cpu: 1 vCPU
        Memory: 2 GB

  WebACLAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      WebACLArn: !GetAtt WebACL.Arn
      ResourceArn: !GetAtt ARforPl.ServiceArn
profile picture
EXPERT
répondu il y a 7 mois
profile pictureAWS
EXPERT
vérifié il y a 7 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions