add optional wafv2 association

theonestack · Oct 27, 2020 · 6cc91c6 · 6cc91c6
1 parent 2fae776
commit 6cc91c6
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/application-loadbalancer.cfhighlander.rb b/application-loadbalancer.cfhighlander.rb
@@ -10,7 +10,8 @@
     ComponentParam 'SubnetIds', type: 'CommaDelimitedList'
     ComponentParam 'VPCId', type: 'AWS::EC2::VPC::Id'
     ComponentParam 'SslCertId', ''
-
+    ComponentParam 'WebACLArn', ''
+
     if use_zone_id == true
       ComponentParam 'HostedZoneId', ''
     end

diff --git a/application-loadbalancer.cfndsl.rb b/application-loadbalancer.cfndsl.rb
@@ -151,6 +151,14 @@
     end
   end
 
+  Condition(:AssociateWebACL, FnNot(FnEquals(:WebACLArn, '')))
+
+  WAFv2_WebACLAssociation(:WebACLAssociation) {
+    Condition :AssociateWebACL
+    ResourceArn Ref(:LoadBalancer)
+    WebACLArn Ref(:WebACLArn)
+  }
+
   Output(:LoadBalancer) {
     Value(Ref(:LoadBalancer))
     Export FnSub("${EnvironmentName}-#{external_parameters[:component_name]}-LoadBalancer")