I have a CloudFormation template that creates an Elastic Beanstalk environment like this:
"ApplicationEnvironment": {
"Type": "AWS::ElasticBeanstalk::Environment",
"Properties": {
"ApplicationName": {
"Ref": "Application"
},
"SolutionStackName": "64bit Amazon Linux 2018.03 v2.11.2 running Java 8",
"VersionLabel": {
"Ref": "AppVersion"
},
"Tier": {
"Name": "WebServer",
"Type": "Standard"
},
"OptionSettings": [
...
{
"Namespace": "aws:elasticbeanstalk:environment",
"OptionName": "EnvironmentType",
"Value": "LoadBalanced"
},
{
"Namespace": "aws:elasticbeanstalk:environment",
"OptionName": "LoadBalancerType",
"Value": "application"
},
...
---
"WAF": {
"Type": "AWS::WAFv2::WebACL",
"Properties": {
"DefaultAction": {
"Type": "BLOCK"
},
"Scope": "REGIONAL",
"VisibilityConfig": {
"CloudWatchMetricsEnabled": "false",
"MetricName": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "metric-waf" ] ] },
"SampledRequestsEnabled": "false"
},
"Rules": [
{
"Action" : {
"Type" : "BLOCK"
},
"Priority" : 0,
"Statement" : {
"ManagedRuleGroupStatement": {
"VendorName": "AWS",
"Name": "AWSManagedRulesCommonRuleSet"
}
}
}
]
}
},
"WAFAssociation": {
"Type" : "AWS::WAFv2::WebACLAssociation",
"Properties" : {
"ResourceArn" : ???,
"WebACLArn" : { "Ref": "WAF" }
}
}
I want to associate the Elastic Beanstalk environment's ALB with the WebACL, but I don't know how to reference the ARN of the Application Load Balancer that the template creates. I can't hardcode the ARN, because it changes depending on what the template creates.
Is there a way to reference the ALB's ARN in the `ResourceArn` field, or do I need to apply the WebACL somewhere in the Elastic Beanstalk option settings instead?