Allow conditional association with ALB

* Minimal changes to make ALB optional and the web acl exportable

* Switch id to ARN due to confusing wafregional and wafv2

Co-authored-by: Alex Vincent <alex.vincent@geoplex.com.au>

cfm/waf.yaml

@@ -4,6 +4,7 @@ Parameters:
   AlbArn:
     Type: String
     Description: "Arn of the Application loadbalancer to associate with WAF"
+    Default: "no"
   NamePrefix:
     Type: String
     Description: "Name Prefix"
@@ -221,6 +222,8 @@ Conditions:
   IsAmazonIpReputationListExcludedRules: !Equals [ !Ref AmazonIpReputationListExcludedRules, "" ]
   IsRulesAnonymousIpListExcludedRules: !Equals [ !Ref RulesAnonymousIpListExcludedRules, "" ]
 
+  IsAlbArnProvided: !Not [!Equals [ !Ref AlbArn, "no" ]]
+
 Resources:
   WAFWebACL:
     Type: AWS::WAFv2::WebACL
@@ -504,8 +507,17 @@ Resources:
 
   WAFWebACLAssociation:
     Type: AWS::WAFv2::WebACLAssociation
+    Condition: IsAlbArnProvided
     Properties:
       ResourceArn:
         Ref: AlbArn
       WebACLArn:
-        Fn::GetAtt: [ WAFWebACL, Arn ]
+        Fn::GetAtt: [ WAFWebACL, Arn ]
+
+Outputs:
+  WAFWebName:
+    Description: The name of the created WafWebACL
+    Value: !Select [ 0, !Split ["|", !Ref WAFWebACL ]]
+  WAFWebArn:
+    Description: The ARN of the created WafWebACL
+    Value: !GetAtt [ WAFWebACL, Arn ]

outputs.tf

@@ -1 +1,13 @@
+locals {
+  waf_outputs = coalescelist(aws_cloudformation_stack.waf.*.outputs, [{}])[0]
+}
 
+output waf_name {
+  description = "The name of the created WAF Web ACL"
+  value       = lookup(local.waf_outputs, "WAFWebName", null)
+}
+
+output waf_arn {
+  description = "The arn of the created WAF Web ACL"
+  value       = lookup(local.waf_outputs, "WAFWebArn", null)
+}