How to add WAF to my cognito UserPool with cdk

Question

I can't find examples or documentation about how to use cdk to attach a waf to a cognito userpool.

We can attach WAF only to Cloudfront distribution and Application Loadbalancer only. Why do you need to attach WAF to Cognito Userpool? — Vikram S, Apr 21 '23 at 03:36
yes you can, if you go on "User pool properties" you can attach an AWS WAF to it. The purpopse is to add security. — kokito, Apr 21 '23 at 15:59
Thanks for that, looks like there is no API in Cognito Userpool you will need to create CfnWebACLAssociation and provide the Userpool ARN for the resource ARN. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACLAssociation.html#resourcearn — Vikram S, Apr 22 '23 at 06:19

score 1 · Accepted Answer · answered Apr 22 '23 at 06:22

There is no API in Cognito Userpool. You will need to create CfnWebACLAssociation and provide the Userpool ARN for the resource ARN.

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACLAssociation.html#resourcearn

import { aws_wafv2 as wafv2 } from 'aws-cdk-lib';
const cfnWebACLAssociation = new wafv2.CfnWebACLAssociation(this, 'MyCfnWebACLAssociation', {
  resourceArn: 'arn: *partition* :cognito-idp: *region* : *account-id* :userpool/ *user-pool-id*',
  webAclArn: 'webAclArn',
});

How to add WAF to my cognito UserPool with cdk

1 Answers1