@zoonderkins
Created March 10, 2020 06:10
v2-web-acl-aws-cdk
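// CDK v1 module (matches the addDependsOn API used below).
import * as wafv2 from '@aws-cdk/aws-wafv2'

// The statements below belong inside a Stack constructor, where `this` is the stack.

// step 1
// Regex pattern set; the first pattern matches exactly 64 ASCII letters.
const myRegexPatternSet = new wafv2.CfnRegexPatternSet(
  this,
  'sygna-api-tokyo-regex',
  {
    description: 'Sygna Bridge Api Regex',
    name: 'sygna-bridge-api-regex',
    scope: 'REGIONAL',
    regularExpressionList: ['^[a-zA-Z]{64}$', '.w[api_].w[key]w'],
  },
)

// step 2
// Rule group. It declares no rules of its own yet, so nothing in it
// evaluates the regex pattern set from step 1.
const myRuleGroup = new wafv2.CfnRuleGroup(
  this,
  'sygna-api-tokyo-rule-group',
  {
    capacity: 25,
    description: 'Sygna tokyo rule',
    scope: 'REGIONAL',
    name: 'sygna-waf-tokyo-allow',
    visibilityConfig: {
      sampledRequestsEnabled: true,
      cloudWatchMetricsEnabled: true,
      metricName: 'sygna-waf-tokyo-allow',
    },
  },
)

// step 3
// addDependsOn returns void, so there is nothing to assign; it only makes
// CloudFormation create the pattern set before the rule group.
myRuleGroup.addDependsOn(myRegexPatternSet)

const rules: any[] = [
  {
    name: 'sygna-waf-rule1',
    priority: 1,
    // A rule that references a rule group takes overrideAction, not action;
    // WAFv2 rejects `action` here. `none` keeps the rule group's own actions.
    overrideAction: { none: {} },
    statement: {
      ruleGroupReferenceStatement: {
        arn: myRuleGroup.attrArn,
      },
    },
    visibilityConfig: {
      sampledRequestsEnabled: true,
      cloudWatchMetricsEnabled: true,
      metricName: 'sygna-waf-rule-api',
    },
  },
]

// step 4
// Web ACL: requests that match no rule are allowed by default.
const waf2 = new wafv2.CfnWebACL(this, 'sygna-waf-v2-acl', {
  defaultAction: {
    allow: {},
  },
  scope: 'REGIONAL',
  visibilityConfig: {
    cloudWatchMetricsEnabled: true,
    metricName: 'sygnaWAF', // todo
    sampledRequestsEnabled: false,
  },
  rules: rules,
})

// step 5
// The rules are already attached through the `rules` property in step 4.
// These overrides would write an unknown property into the AWS::WAFv2::WebACL
// resource, which CloudFormation rejects, so they stay disabled.
//waf2.addPropertyOverride('my-sygna-rules1',rules)
//waf2.addPropertyOverride('my-sygna-rules2', rules)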