associate rest api with WAF

You need to create a CfnWebACLAssociation in AWS CDK and point it to the previously created web ACL and the resource to protect. Note that AWS WAF requires a Regional web ACL for API Gateway. Therefore, ensure that the web ACL you are associating with the API Gateway is regional. For more details: https://aws.amazon.com/blogs/devops/easily-protect-your-aws-cdk-defined-infrastructure-with-aws-wafv2/