From be9f93f62d9c36b8fbaa1b2eee8c37a67d5679de Mon Sep 17 00:00:00 2001
From: Chris Kalafarski <chris@farski.com>
Date: Fri, 10 Jan 2025 15:23:54 -0500
Subject: [PATCH] Add WAF association for ALB

---
 spire/templates/shared-alb.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/spire/templates/shared-alb.yml b/spire/templates/shared-alb.yml
index f15b35dd..c0590d65 100644
--- a/spire/templates/shared-alb.yml
+++ b/spire/templates/shared-alb.yml
@@ -440,6 +440,7 @@ Resources:
     Properties:
       DefaultAction:
         Allow: {}
+      Description: !Sub WAF for Spire ${EnvironmentType} shared ALB
       Scope: REGIONAL
       Tags:
         - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
@@ -453,6 +454,11 @@ Resources:
         CloudWatchMetricsEnabled: false
         MetricName: !Sub ${Alb.LoadBalancerName}-WAF
         SampledRequestsEnabled: false
+  WafAssociation:
+    Type: AWS::WAFv2::WebACLAssociation
+    Properties:
+      ResourceArn: !Ref Alb
+      WebACLArn: !GetAtt Waf.Arn
 
 Outputs:
   AlbArn: