With WAF Integration
Attach an AWS WAF web ACL to your Application Load Balancer so that incoming requests are inspected by the managed rule set before they reach your targets.
# Application Load Balancer that will be placed behind the WAF web ACL below.
# Sourced from the private registry and pinned to an exact module version so
# that upgrades are explicit rather than implicit on the next `terraform init`.
module "protected_alb" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/alb/aws"
  version = "3.0.0"

  name = "protected-alb"

  # Network placement: the ALB lives in the public subnets of the shared VPC.
  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  # Single HTTPS listener on 443 terminating TLS with the ACM certificate.
  # NOTE(review): no TLS policy is set here, so whatever default the module
  # applies is in effect — confirm it matches your required minimum TLS version.
  https_listeners = [
    {
      port            = 443
      certificate_arn = aws_acm_certificate.main.arn
    },
  ]
}
# Regional WAFv2 web ACL that fronts the ALB. Traffic is allowed by default and
# only the AWS Common Rule Set can block or count requests.
resource "aws_wafv2_web_acl" "main" {
  name        = "alb-protection"
  description = "WAF rules for ALB"

  # ALBs can only be associated with a REGIONAL web ACL (CLOUDFRONT scope is
  # for CloudFront distributions); it must also live in the ALB's region.
  scope = "REGIONAL"

  # Requests that match no rule are allowed through. This is an allow-list of
  # *blocks*, not a deny-by-default posture — the managed group is the only
  # thing standing between the internet and the targets.
  default_action {
    allow {}
  }

  # AWS-managed Common Rule Set (general web exploit coverage).
  rule {
    name     = "AWSManagedRulesCommonRuleSet"
    priority = 1

    # `none` keeps the actions defined inside the managed group (block/count
    # per sub-rule) instead of overriding every match to count.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
        # NOTE(review): no `version` is pinned, so AWS rolls new rule-group
        # versions in automatically; pin one if you need change control and
        # test false positives before promoting.
      }
    }

    # Per-rule CloudWatch metrics and request sampling, so matches of this
    # group can be inspected separately from the ACL-level metric below.
    visibility_config {
      metric_name                = "AWSManagedRulesCommonRuleSet"
      cloudwatch_metrics_enabled = true
      sampled_requests_enabled   = true
    }
  }

  # ACL-level metrics/sampling. Sampled requests are a debugging aid only;
  # full request logging is not configured in this listing.
  visibility_config {
    metric_name                = "alb-waf"
    cloudwatch_metrics_enabled = true
    sampled_requests_enabled   = true
  }
}
# Binds the web ACL to the ALB. Referencing the module output and the ACL's
# ARN gives Terraform the ordering it needs: both resources exist before the
# association is created, with no explicit depends_on required.
resource "aws_wafv2_web_acl_association" "main" {
  web_acl_arn  = aws_wafv2_web_acl.main.arn
  resource_arn = module.protected_alb.alb_arn
}
Key Points
- WAFv2 is used for ALB protection; an ALB requires a web ACL with `scope = "REGIONAL"` in the same region
- Use AWS Managed Rules for common threats
- Associate the web ACL with the ALB ARN after creation; referencing `module.protected_alb.alb_arn` in the association makes Terraform create the ALB first