feat(aws-wafwebacl-alb): created aws-wafwebacl-alb construct (#465)

* created README for aws-wafwebacl-alb

* updated README

* created wafwebacl-alb construct

* updated file name

* added cfn suppress rules

* changed r53toAlb construct to just alb

Author: mickychetta

source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb/.eslintignore

@@ -0,0 +1,4 @@
+lib/*.js
+test/*.js
+*.d.ts
+coverage

source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb/.gitignore

@@ -0,0 +1,15 @@
+lib/*.js
+test/*.js
+*.js.map
+*.d.ts
+node_modules
+*.generated.ts
+dist
+.jsii
+
+.LAST_BUILD
+.nyc_output
+coverage
+.nycrc
+.LAST_PACKAGE
+*.snk

source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb/.npmignore

@@ -0,0 +1,21 @@
+# Exclude typescript source and config
+*.ts
+tsconfig.json
+coverage
+.nyc_output
+*.tgz
+*.snk
+*.tsbuildinfo
+
+# Include javascript files and typescript declarations
+!*.js
+!*.d.ts
+
+# Exclude jsii outdir
+dist
+
+# Include .jsii
+!.jsii
+
+# Include .jsii
+!.jsii

source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb/README.md

@@ -0,0 +1,102 @@
+# aws-wafwebacl-alb module
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
+
+> All classes are under active development and subject to non-backward compatible changes or removal in any
+> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
+> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
+
+---
+<!--END STABILITY BANNER-->
+
+| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
+|:-------------|:-------------|
+<div style="height:8px"></div>
+
+
+| **Language**     | **Package**        |
+|:-------------|-----------------|
+|![Python Logo](https://docs.aws.amazon.com/cdk/api/latest/img/python32.png) Python|`aws_solutions_constructs.aws_wafwebacl_alb`|
+|![Typescript Logo](https://docs.aws.amazon.com/cdk/api/latest/img/typescript32.png) Typescript|`@aws-solutions-constructs/aws-wafwebacl-alb`|
+|![Java Logo](https://docs.aws.amazon.com/cdk/api/latest/img/java32.png) Java|`software.amazon.awsconstructs.services.wafwebaclalb`|
+
+## Overview
+This AWS Solutions Construct implements an AWS WAF web ACL connected to an Application Load Balancer.
+
+Here is a minimal deployable pattern definition in Typescript:
+
+``` typescript
+import { Route53ToAlb } from '@aws-solutions-constructs/aws-route53-alb';
+import { WafwebaclToAlbProps, WafwebaclToAlb } from "@aws-solutions-constructs/aws-wafwebacl-alb";
+
+// A constructed ALB is required to be attached to the WAF Web ACL.
+// In this case, we are using this construct to create one.
+const r53ToAlb = new Route53ToAlb(this, 'Route53ToAlbPattern', {
+  privateHostedZoneProps: {
+    zoneName: 'www.example.com',
+  },
+  publicApi: false,
+  logAccessLogs: false
+});
+
+// This construct can only be attached to a configured Application Load Balancer.
+new WafwebaclToAlb(this, 'test-wafwebacl-alb', {
+    existingLoadBalancerObj: r53ToAlb.loadBalancer
+});
+```
+
+## Initializer
+
+``` text
+new WafwebaclToAlb(scope: Construct, id: string, props: WafwebaclToAlbProps);
+```
+
+_Parameters_
+
+* scope [`Construct`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.Construct.html)
+* id `string`
+* props [`WafwebaclToAlbProps`](#pattern-construct-props)
+
+## Pattern Construct Props
+
+| **Name**     | **Type**        | **Description** |
+|:-------------|:----------------|-----------------|
+|existingLoadBalancerObj|[`elbv2.ApplicationLoadBalancer`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-elasticloadbalancingv2.ApplicationLoadBalancer.html)|The existing Application Load Balancer Object that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured Application Load Balancer, so this construct only accepts an existing ApplicationLoadBalancer and does not accept applicationLoadBalancerProps.*|
+|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-waf.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|
+|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-waf.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|
+
+## Pattern Properties
+
+| **Name**     | **Type**        | **Description** |
+|:-------------|:----------------|-----------------|
+|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-waf.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|
+|loadBalancer|[`elbv2.ApplicationLoadBalancer`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-elasticloadbalancingv2.ApplicationLoadBalancer.html)|Returns an instance of the Application Load Balancer Object created by the pattern. |
+
+## Default settings
+
+Out of the box implementation of the Construct without any override will set the following defaults:
+
+### AWS WAF
+* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).
+    * AWSManagedRulesBotControlRuleSet
+    * AWSManagedRulesKnownBadInputsRuleSet
+    * AWSManagedRulesCommonRuleSet
+    * AWSManagedRulesAnonymousIpList
+    * AWSManagedRulesAmazonIpReputationList
+    * AWSManagedRulesAdminProtectionRuleSet
+    * AWSManagedRulesSQLiRuleSet
+
+    *Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*
+* Send metrics to Amazon CloudWatch
+
+### Application Load Balancer
+* User provided Application Load Balancer object is used as-is
+
+## Architecture
+![Architecture Diagram](architecture.png)
+
+***
+&copy; Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.

source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb/architecture.png

@@ -0,0 +1,72 @@
+/**
+ *  Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ *  with the License. A copy of the License is located at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ *  OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ *  and limitations under the License.
+ */
+
+// Imports
+import * as waf from '@aws-cdk/aws-wafv2';
+import * as elbv2 from "@aws-cdk/aws-elasticloadbalancingv2";
+import * as defaults from '@aws-solutions-constructs/core';
+// Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
+import { Construct } from '@aws-cdk/core';
+
+/**
+ * @summary The properties for the WafwebaclToAlb class.
+ */
+export interface WafwebaclToAlbProps {
+  /**
+   * The existing Application Load Balancer instance that will be protected with the WAF web ACL.
+   */
+  readonly existingLoadBalancerObj: elbv2.ApplicationLoadBalancer,
+  /**
+   * Existing instance of a WAF web ACL, an error will occur if this and props is set
+   */
+  readonly existingWebaclObj?: waf.CfnWebACL,
+  /**
+   * Optional user-provided props to override the default props for the AWS WAF web ACL.
+   *
+   * @default - Default properties are used.
+   */
+  readonly webaclProps?: waf.CfnWebACLProps,
+}
+
+/**
+ * @summary The WafwebaclToAlb class.
+ */
+export class WafwebaclToAlb extends Construct {
+  public readonly webacl: waf.CfnWebACL;
+  public readonly loadBalancer: elbv2.ApplicationLoadBalancer;
+  /**
+   * @summary Constructs a new instance of the WafwebaclToAlb class.
+   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @param {string} id - this is a a scope-unique id.
+   * @param {WafwebaclToAlbProps} props - user provided props for the construct.
+   * @access public
+   */
+  constructor(scope: Construct, id: string, props: WafwebaclToAlbProps) {
+    super(scope, id);
+    defaults.CheckProps(props);
+
+    // Build the Web ACL
+    this.webacl = defaults.buildWebacl(this, 'REGIONAL', {
+      existingWebaclObj: props.existingWebaclObj,
+      webaclProps: props.webaclProps,
+    });
+
+    // Setup the Web ACL Association
+    new waf.CfnWebACLAssociation(scope, `${id}-WebACLAssociation`, {
+      webAclArn: this.webacl.attrArn,
+      resourceArn: props.existingLoadBalancerObj.loadBalancerArn
+    });
+
+    this.loadBalancer = props.existingLoadBalancerObj;
+  }
+}

source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb/lib/index.ts

@@ -0,0 +1,102 @@
+{
+  "name": "@aws-solutions-constructs/aws-wafwebacl-alb",
+  "version": "0.0.0",
+  "description": "CDK constructs for defining an AWS web WAF connected to an Application Load Balancer.",
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/awslabs/aws-solutions-constructs.git",
+    "directory": "source/patterns/@aws-solutions-constructs/aws-wafwebacl-alb"
+  },
+  "author": {
+    "name": "Amazon Web Services",
+    "url": "https://aws.amazon.com",
+    "organization": true
+  },
+  "license": "Apache-2.0",
+  "scripts": {
+    "build": "tsc -b .",
+    "lint": "eslint -c ../eslintrc.yml --ext=.js,.ts . && tslint --project .",
+    "lint-fix": "eslint -c ../eslintrc.yml --ext=.js,.ts --fix .",
+    "test": "jest --coverage",
+    "clean": "tsc -b --clean",
+    "watch": "tsc -b -w",
+    "integ": "cdk-integ",
+    "integ-assert": "cdk-integ-assert",
+    "integ-no-clean": "cdk-integ --no-clean",
+    "jsii": "jsii",
+    "jsii-pacmak": "jsii-pacmak",
+    "build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
+    "snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
+  },
+  "jsii": {
+    "outdir": "dist",
+    "targets": {
+      "java": {
+        "package": "software.amazon.awsconstructs.services.wafwebaclalb",
+        "maven": {
+          "groupId": "software.amazon.awsconstructs",
+          "artifactId": "wafwebaclalb"
+        }
+      },
+      "dotnet": {
+        "namespace": "Amazon.Constructs.AWS.WafwebaclAlb",
+        "packageId": "Amazon.Constructs.AWS.WafwebaclAlb",
+        "signAssembly": true,
+        "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
+      },
+      "python": {
+        "distName": "aws-solutions-constructs.aws-wafwebacl-alb",
+        "module": "aws_solutions_constructs.aws_wafwebacl_alb"
+      }
+    }
+  },
+  "dependencies": {
+    "@aws-cdk/aws-autoscaling": "0.0.0",
+    "@aws-cdk/aws-ec2": "0.0.0",
+    "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0",
+    "@aws-cdk/aws-wafv2": "0.0.0",
+    "@aws-cdk/core": "0.0.0",
+    "@aws-solutions-constructs/core": "0.0.0",
+    "@aws-solutions-constructs/aws-route53-alb": "0.0.0",
+    "constructs": "^3.2.0"
+  },
+  "devDependencies": {
+    "@aws-cdk/assert": "0.0.0",
+    "@types/jest": "^26.0.22",
+    "@types/node": "^10.3.0"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "js"
+    ],
+    "coverageReporters": [
+      "text",
+      [
+        "lcov",
+        {
+          "projectRoot": "../../../../"
+        }
+      ]
+    ]
+  },
+  "peerDependencies": {
+    "@aws-cdk/aws-autoscaling": "0.0.0",
+    "@aws-cdk/aws-ec2": "0.0.0",
+    "@aws-cdk/aws-elasticloadbalancingv2": "0.0.0",
+    "@aws-cdk/aws-wafv2": "0.0.0",
+    "@aws-cdk/core": "0.0.0",
+    "@aws-solutions-constructs/core": "0.0.0",
+    "@aws-solutions-constructs/aws-route53-alb": "0.0.0",
+    "constructs": "^3.2.0"
+  },
+  "keywords": [
+    "aws",
+    "cdk",
+    "awscdk",
+    "AWS Solutions Constructs",
+    "AWS WAF Web ACL",
+    "Application Load Balancer"
+  ]
+}