Adds optional waf field for setting up Web Application Firewall on Cloudfront

orfin · orfin · commit 2a0359d5b691 · 2017-09-27T11:05:26.000+02:00
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ custom:
   apiCloudFront:
     domain: my-custom-domain.com
     certificate: arn:aws:acm:us-east-1:000000000000:certificate/00000000-1111-2222-3333-444444444444
+    waf: 00000000-0000-0000-0000-000000000000
     logging:
       bucket: my-bucket.s3.amazonaws.com
       prefix: my-prefix
diff --git a/index.js b/index.js
@@ -59,6 +59,7 @@ class ServerlessApiCloudFrontPlugin {
     this.prepareOrigins(distributionConfig);
     this.prepareComment(distributionConfig);
     this.prepareCertificate(distributionConfig);
+    this.prepareWaf(distributionConfig);
   }
 
   prepareLogging(distributionConfig) {
@@ -107,6 +108,16 @@ class ServerlessApiCloudFrontPlugin {
     }
   }
 
+  prepareWaf(distributionConfig) {
+    const waf = this.getConfig('waf', null);
+
+    if (waf !== null) {
+      distributionConfig.WebACLId = waf;
+    } else {
+      delete distributionConfig.WebACLId;
+    }
+  }
+
   getConfig(field, defaultValue) {
     return _.get(this.serverless, `service.custom.apiCloudFront.${field}`, defaultValue)
   }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "serverless-api-cloudfront",
-  "version": "0.9.1",
+  "version": "0.9.2",
   "engines": {
     "node": ">=4.0"
   },
diff --git a/resources.yml b/resources.yml
@@ -54,6 +54,7 @@ Resources:
           IncludeCookies: 'false'
           Bucket: ''
           Prefix: ''
+        WebACLId: waf-id
 
 Outputs:
   ApiDistribution:

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@ class ServerlessApiCloudFrontPlugin {`
`59`	`59`	`this.prepareOrigins(distributionConfig);`
`60`	`60`	`this.prepareComment(distributionConfig);`
`61`	`61`	`this.prepareCertificate(distributionConfig);`
	`62`	`+ this.prepareWaf(distributionConfig);`
`62`	`63`	`}`
`63`	`64`
`64`	`65`	`prepareLogging(distributionConfig) {`
`@@ -107,6 +108,16 @@ class ServerlessApiCloudFrontPlugin {`
`107`	`108`	`}`
`108`	`109`	`}`
`109`	`110`
	`111`	`+ prepareWaf(distributionConfig) {`
	`112`	`+ const waf = this.getConfig('waf', null);`
	`113`	`+`
	`114`	`+ if (waf !== null) {`
	`115`	`+ distributionConfig.WebACLId = waf;`
	`116`	`+ } else {`
	`117`	`+ delete distributionConfig.WebACLId;`
	`118`	`+ }`
	`119`	`+ }`
	`120`	`+`
`110`	`121`	`getConfig(field, defaultValue) {`
`111`	`122`	return _.get(this.serverless, `service.custom.apiCloudFront.${field}`, defaultValue)
`112`	`123`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "serverless-api-cloudfront",`
`3`		`- "version": "0.9.1",`
	`3`	`+ "version": "0.9.2",`
`4`	`4`	`"engines": {`
`5`	`5`	`"node": ">=4.0"`
`6`	`6`	`},`