WAF Integration
The Gothic Framework supports attaching an existing AWS WAF WebACL to the CloudFront distribution created during deployment. This gives you full control over your firewall rules without adding complexity to the Gothic CLI.
Set the WafArn field on a stage in gothic.config.go. It is a source-aware EnvValue, so use gothic.Env("arn:...") for a literal ARN or gothic.SSMParam("/path") to resolve it from Parameter Store at deploy time. Leave it unset if no WAF is needed:
Stages: map[string]gothic.Stage{
"dev": {
WafArn: gothic.SSMParam("/myapp/dev/waf-arn"),
},
},The WafArn field accepts any EnvValue source:
- gothic.Env("arn:...") — a full WAF WebACL ARN as a literal string
- gothic.SSMParam("/path") — resolves the ARN from Parameter Store at deploy time
- unset — no WAF is attached to that stage
When a WafArn is provided, Gothic automatically associates that existing WebACL with your CloudFront distribution. This is a plug-and-play approach — you create and manage your WAF rules separately, then simply reference the ARN in your config.
Need to tweak how your container image is built? Let's customize the Dockerfile next!
