Hi SST team 👋
First off, huge fan of SST. We use SST v3 extensively in production.
While adding AWS WAF (Bot Control) in front of a `sst.aws.Nextjs` app, I ran into a docs gap that took a while to figure out. The behavior is correct, but undocumented, and it’s very easy to get wrong.
I'll be more than happy to add an example myself, and here is the code I'd expect to write:
1. Create a CloudFront Web ACL
```ts
// Web ACLs with scope "CLOUDFRONT" must be created in us-east-1 (AWS requirement).
const webAcl = new aws.wafv2.WebAcl("WebAcl", {
  scope: "CLOUDFRONT",
  // Requests that match no rule are allowed through.
  defaultAction: { allow: {} },
  visibilityConfig: {
    cloudwatchMetricsEnabled: true,
    metricName: "web-acl",
    sampledRequestsEnabled: true,
  },
  rules: [
    {
      name: "AWSManagedRules",
      priority: 0,
      // Keep the actions defined by the managed rule group itself.
      overrideAction: { none: {} },
      statement: {
        managedRuleGroupStatement: {
          vendorName: "AWS",
          name: "AWSManagedRulesCommonRuleSet",
        },
      },
      visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: "managed-rules",
        sampledRequestsEnabled: true,
      },
    },
  ],
})
```
2. Attach the Web ACL to a Next.js CloudFront distribution
```ts
const site = new sst.aws.Nextjs("NextjsSite", {
  path: "web/",
  transform: {
    cdn: {
      transform: {
        distribution(args) {
          // WAFv2 Web ACLs are attached to a distribution by ARN, not by ID.
          args.webAclId = webAcl.arn
        },
      },
    },
  },
})
```
If this is something the SST team feels would be useful to document, I’d be happy to open a PR adding this as an example to the docs.