Skip to content

Feature Request: Enable WAF configuration in the Router #5846

New issue
New issue
Closed
#6379
Closed
Feature Request: Enable WAF configuration in the Router#5846
#6379
Assignees
fwang
@waynenilsen

Description

@waynenilsen
waynenilsen
opened on May 29, 2025

It appears that there was some discussion on this in the pre-router days.

https://github.com/sst/sst/issues?q=is%3Aissue%20state%3Aclosed%20waf

And it appears that much of that discussion was closed in the abandoned (?) move to switch to the sst/v2 repo.

In any case, Router is an incredible accomplishment and I have found it extremely useful. It is merely missing one very powerful feature of AWS which is the WAF.

Here is some related pulumi documentation that really outlines exactly how to do it

https://www.pulumi.com/answers/aws-waf-and-cloudfront-security-setup/

In the spirit of SST it would be amazing to have it have some reasonable default values with customization if desired, so perhaps something such as this.

const router = new sst.aws.Router("MyRouter", {
  domain: {
    name: `...`,
    dns: sst.cloudflare.dns(),
  },
  waf: true
});

Or for the customizer

// Define the AWS WAF Web ACL
const waf = new aws.wafv2.WebAcl("MyWaf", {
  ...
});
const router = new sst.aws.Router("MyRouter", {
  domain: {
    name: `...`,
    dns: sst.cloudflare.dns(),
  },
  transform: {
    webAclId: waf.id
  }
});

Related discord
https://discord.com/channels/983865673656705025/1377264052635570206

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions