Merge pull request #1678 from govuk-one-login/BAU/use-cloudfront-acl

INCIDENT-814: use waf acl created by cloudfront stack
govuk-one-login · Jun 11, 2024 · ece4426 · ece4426
2 parents 1bf2e42 + a8f7ca3
commit ece4426
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/ci/terraform/waf.tf b/ci/terraform/waf.tf
@@ -146,7 +146,7 @@ resource "aws_wafv2_web_acl" "frontend_alb_waf_regional_web_acl" {
     }
 
     action {
-      block {}
+      count {}
     }
 
     statement {
@@ -499,7 +499,7 @@ resource "aws_wafv2_web_acl" "frontend_alb_waf_regional_web_acl" {
 
 resource "aws_wafv2_web_acl_association" "alb_waf_association" {
   resource_arn = aws_lb.frontend_alb.arn
-  web_acl_arn  = aws_wafv2_web_acl.frontend_alb_waf_regional_web_acl.arn
+  web_acl_arn  = var.cloudfront_auth_dns_enabled ? aws_cloudformation_stack.cloudfront[0].outputs["CloakingOriginWebACLArn"] : aws_wafv2_web_acl.frontend_alb_waf_regional_web_acl.arn
 }
 
 resource "aws_wafv2_web_acl_logging_configuration" "frontend_alb_waf_logging_config" {