WAF Web ACL
L7 application firewall (rules, rate limits).
Configuration
| Setting | Type | Required | Default |
|---|---|---|---|
| ACL name | Text | Yes | — |
| Description | Text | — | — |
| Scope (options: Regional (ALB / API GW), CloudFront) | Choice | — | REGIONAL |
| Default action (options: Allow, Block) | Choice | — | ALLOW |
| AWS managed rule groups | List | — | — |
| Rate limit / 5 min | Number | — | 2000 |
| CloudWatch metrics | Toggle | — | true |
| Sampled requests | Toggle | — | true |
| Logging destination ARN | Text | — | — |
| Redacted fields (CSV) | Text | — | — |
| Tags | Key–value | — | — |
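
The defaults in the table above, written by hand against the Terraform AWS provider's `aws_wafv2_web_acl` and `aws_wafv2_web_acl_logging_configuration` resources. This is an added example, not output of this tool or code from this page. The resource labels, ACL name, description, metric names, the `log_destination_arn` variable and the redacted `authorization` header are assumptions, and the managed rule groups list is left out.

```hcl
# Added example: names, variable and redacted header are placeholders.
variable "log_destination_arn" { type = string } # destination name must start with "aws-waf-logs-"

resource "aws_wafv2_web_acl" "example" {
  name        = "example-acl"
  description = "Example web ACL"
  scope       = "REGIONAL" # "CLOUDFRONT" for CloudFront distributions
  default_action {
    allow {} # Default action ALLOW: only matching rules block traffic
  }

  # Rate limit: block a source IP once it exceeds 2000 requests in 5 minutes.
  rule {
    name     = "rate-limit"
    priority = 1
    action {
      block {}
    }
    statement {
      rate_based_statement {
        limit              = 2000
        aggregate_key_type = "IP"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "rate-limit"
      sampled_requests_enabled   = true
    }
  }

  # CloudWatch metrics and sampled requests, both on by default in the table.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-acl"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_logging_configuration" "example" {
  resource_arn            = aws_wafv2_web_acl.example.arn
  log_destination_configs = [var.log_destination_arn]
  # Keep credentials out of the WAF logs.
  redacted_fields {
    single_header {
      name = "authorization"
    }
  }
}
```

With the default action left at ALLOW, the rate rule is the only thing in this sketch that blocks requests, so the logging destination and sampled requests are what show whether the 2000 threshold fits real traffic.
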
Connections
| Socket | Direction | Accepts | Terraform arg |
|---|---|---|---|
| Protected resource | Input | any | — |
| Protected resources | Output | aws.cloudfront, aws.waf-logging-configuration, aws.waf-web-acl-association | — |