How to get resource out of the CfnStack?

Question

I used the CfnInclude to import a cloudformation template to my cdk code:

template= _cfn_include.CfnInclude(self,
     'template',
      template_file = "aws-waf-security-automations.yaml")

After that I used the get_resource() to get one of the resources from this template:

waf = template.get_resource("WebACLStack")

The problem is that this resource is not of the type WafWebACL, it is of the type CfnStack. Inside the template this resource is being described in this way:

WebACLStack:
Type: 'AWS::CloudFormation::Stack'
DependsOn: CheckRequirements
Properties:
  TemplateURL: !Sub
    - 'https://${S3Bucket}.s3.amazonaws.com/${KeyPrefix}/aws-waf-security-automations-webacl.template'
    -
      S3Bucket: !FindInMap ["SourceCode", "General", "TemplateBucket"]
      KeyPrefix: !FindInMap ["SourceCode", "General", "KeyPrefix"]
  Parameters:
    ActivateAWSManagedRulesParam: !Ref ActivateAWSManagedRulesParam ...

How can I get the WAFWebACL out of the CfnStack? As I understood, the WAFWebACL is a nested stack inside the CfnStack.

Obs.: I got this template from this url: https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/template.html

Obs2: The template outputs like this way:

 WAFWebACL:
   Description: AWS WAF WebACL
   Value: !GetAtt WebACLStack.Outputs.WAFWebACL

So could I get the WAFWebACL resource from the imput?

Answer 1

You need to load the nested stack first:

from aws_cdk.aws_wafv2 import CfnWebACL

web_acl_stack = template.load_nested_stack("WebACLStack", template_file="aws-waf-security-automations-webacl.template")
waf: CfnWebACL = web_acl_stack.get_resource("WAFWebACL")

I think you also need to keep the stack template of the nested stack locally and use the correct path instead of just "aws-waf-security-automations-webacl.template" when loading the nested stack.

(I assume you are using Python)