github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudfront/AVD-AWS-0011/Terraform.md (about)

     1  
     2  Enable WAF for the CloudFront distribution by setting `web_acl_id` to the web ACL that should filter its requests.
     3  
     4  ```hcl
     5   resource "aws_cloudfront_distribution" "good_example" { # compliant example: the distribution sets web_acl_id (last attribute), so a WAF web ACL is associated with it
     6   
     7     origin {
     8       domain_name = aws_s3_bucket.primary.bucket_regional_domain_name
     9       origin_id   = "primaryS3"
    10   
    11       s3_origin_config {
    12         origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
    13       }
    14     }
    15   
    16     origin {
    17       domain_name = aws_s3_bucket.failover.bucket_regional_domain_name
    18       origin_id   = "failoverS3"
    19   
    20       s3_origin_config {
    21         origin_access_identity = aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path
    22       }
    23     }
    24   
    25     default_cache_behavior {
    26       target_origin_id = "groupS3" # NOTE(review): no origin or origin_group with id "groupS3" is declared in this snippet (only "primaryS3" and "failoverS3"); the example looks abridged, so a real config needs a matching origin_group
    27     }
    28   
    29     web_acl_id = "waf_id" # placeholder value; per the provider docs linked below, use the web ACL ARN for AWS WAF (WAFv2, CLOUDFRONT scope) or the ACL ID for WAF Classic
    30   }
    31   
    32  ```
    33  
    34  #### Remediation Links
    35   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#web_acl_id
    36