[apigateway] Support WebAclArn for an API Gateway stage

  • I’m submitting a …

    • 🪲 bug report
    • 🚀 feature request
    • 📚 construct library gap
    • ☎️ security issue or vulnerability => Please see policy
    • ❓ support request => Please see note at the top of this template.
  • What is the current behavior?

  • I am unable to find the option to set the webACl of a stage of an api-gateway
  • What is the expected behavior (or behavior of feature suggested)?
  • I am able to set the webAcl of a stage of an api-gateway
  • What is the motivation / use case for changing the behavior or adding this feature?
  • It is important to be able to set the web acl of an api-gateway
  • Please tell us about your environment:

    • CDK CLI Version: 0.30.0
    • Module Version: 0.30.0
    • OS: OSX Mojave
    • Language: TypeScript
  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

I cannot seem to find the option to set the webAcl through aws-cdk of a stage of an api-gateway. This is what it looks like in the aws apigateway console: [Screen Shot 2019-08-08 at 4 15 52 PM]

I’ve looked through these files: https://github.com/aws/aws-cdk/blob/4a0272db5eb9aae5f440bb0813fdbad6514b60c3/packages/%40aws-cdk/aws-apigateway/lib/stage.ts

My current relevant code:

new apigateway.LambdaRestApi(this, `${name}-LambdaRpcGateway`, {
  handler: lambdaFunc,
});

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 7 (4 by maintainers)

Top GitHub Comments

6 reactions
ozeebee commented, Mar 12, 2020

Hi, just adding this just in case someone comes across this thread:

If you use WAFv2, don’t try to use wafregional’s CfnWebACLAssociation as proposed above: this won’t work. You have to use the wafv2 equivalent:

import { CfnWebACLAssociation } from '@aws-cdk/aws-wafv2'
...
new CfnWebACLAssociation(this, 'WebACLAssoc', {
  webAclArn: props.webACLArn,
  resourceArn: `arn:aws:apigateway:eu-west-1::/restapis/${props.restApiId}/stages/${stageName}`
})
...

This did the job for me. Hope this can save some time to other ppl 😉

2 reactions
nija-at commented, Nov 21, 2019

Apologies for the delayed response.

@seanyu4296 - Don’t try to process any generated tokens in your cdk code. Use it as if it returned the resolved value (in this case, the restApiId).

cdk’s synthesis will automatically detect tokens embedded within strings and resolve them.

You should be able to simply do

new wafR.CfnWebACLAssociation(this, 'WAFFirewall', {
  webAclId: 'some-id-here',
  resourceArn: `arn:aws:apigateway:ap-southeast-1::/restapis/${gateway.restApiId}/stages/prod`,
});

Can you do this and check the output template that you can find in the cdk.out/ folder? The resourceArn attribute should be set as expected.
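
An added example, not part of the GitHub thread or the CDK project: a TypeScript check over a synthesized template from cdk.out/ that lists the API Gateway stages no WebACL association points at. The function names and the sample template are constructed, and it assumes the association's ResourceArn is built from Ref, Fn::Join or Fn::Sub.

```typescript
// Added example. Resource types are CloudFormation's; function names and the
// sample template are constructed for illustration.
type Template = { Resources: Record<string, { Type: string; Properties?: any }> };

const ASSOC_TYPES = ['AWS::WAFv2::WebACLAssociation', 'AWS::WAFRegional::WebACLAssociation'];

// Render a CloudFormation value as text; {Ref: X} becomes "${X}" so that
// unresolved CDK tokens can be compared by logical ID.
function flatten(v: any): string {
  if (typeof v === 'string') return v;
  if (!v || typeof v !== 'object') return '';
  if ('Ref' in v) return '${' + v.Ref + '}';
  if ('Fn::Join' in v) return v['Fn::Join'][1].map(flatten).join(v['Fn::Join'][0]);
  if ('Fn::Sub' in v) return flatten(Array.isArray(v['Fn::Sub']) ? v['Fn::Sub'][0] : v['Fn::Sub']);
  return '';
}

// Logical IDs of API Gateway stages that no WebACL association points at.
function unprotectedStages(t: Template): string[] {
  const ids = Object.keys(t.Resources);
  const arns = ids
    .filter(id => ASSOC_TYPES.indexOf(t.Resources[id].Type) >= 0)
    .map(id => flatten(t.Resources[id].Properties?.ResourceArn));
  return ids.filter(id => {
    const r = t.Resources[id];
    if (r.Type !== 'AWS::ApiGateway::Stage') return false;
    const api = flatten(r.Properties?.RestApiId);
    // A stage is addressed by its literal StageName or by a Ref to the stage itself.
    const suffixes = [flatten(r.Properties?.StageName), '${' + id + '}']
      .map(name => '/restapis/' + api + '/stages/' + name);
    return !suffixes.some(s => arns.some(a => a.slice(-s.length) === s));
  });
}

// Constructed template shaped like cdk.out/<stack>.template.json.
const sampleTemplate: Template = {
  Resources: {
    Api: { Type: 'AWS::ApiGateway::RestApi' },
    ProdStage: { Type: 'AWS::ApiGateway::Stage', Properties: { RestApiId: { Ref: 'Api' }, StageName: 'prod' } },
    DevStage: { Type: 'AWS::ApiGateway::Stage', Properties: { RestApiId: { Ref: 'Api' }, StageName: 'dev' } },
    Assoc: {
      Type: 'AWS::WAFv2::WebACLAssociation',
      Properties: {
        WebACLArn: 'PLACEHOLDER-WEBACL-ARN',
        ResourceArn: { 'Fn::Join': ['', ['arn:aws:apigateway:eu-west-1::/restapis/', { Ref: 'Api' }, '/stages/prod']] },
      },
    },
  },
};
```

Here only `DevStage` is reported; a check like this can run in CI after `cdk synth` and fail the build on a non-empty result.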
