feat(cdn): add optional waf rule

cookielab · Dec 17, 2024 · a6141fd · a6141fd
1 parent b3a8c2b
commit a6141fd
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+.infracost
 .terraform
 .terraform.tfstate.lock.info
 terraform.tfstate

diff --git a/main.tf b/main.tf
@@ -208,6 +208,7 @@ data "aws_cloudfront_cache_policy" "managed_caching_disabled" {
 resource "aws_cloudfront_distribution" "this" {
   comment = local.main_domain
 
+  web_acl_id = var.waf_acl_arn
   origin {
     domain_name              = module.s3_bucket.s3_bucket_bucket_regional_domain_name
     origin_id                = var.s3_bucket_name

diff --git a/variables.tf b/variables.tf
@@ -68,6 +68,12 @@ variable "tags" {
   default = {}
 }
 
+variable "waf_acl_arn" {
+  description = "WAF ACL ARN"
+  type        = string
+  default     = null
+}
+
 variable "restriction_type" {
   description = "Apply for geo restrictions, values: none, whitelist, blacklist"
   type        = string