Add dormant WAF for shared ALB

Author: farski

spire/templates/shared-alb.yml

@@ -435,6 +435,25 @@ Resources:
           SetIdentifier: !Ref AWS::StackName
           Type: A
 
+  Waf:
+    Type: AWS::WAFv2::WebACL
+    Properties:
+      DefaultAction:
+        Allow:
+      Scope: REGIONAL
+      Tags:
+        - { Key: prx:meta:tagging-version, Value: "2021-04-07" }
+        - { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
+        - { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
+        - { Key: prx:cloudformation:root-stack-name, Value: !Ref RootStackName }
+        - { Key: prx:cloudformation:root-stack-id, Value: !Ref RootStackId }
+        - { Key: prx:ops:environment, Value: !Ref EnvironmentType }
+        - { Key: prx:dev:application, Value: Common }
+      VisibilityConfig:
+        CloudWatchMetricsEnabled: false
+        MetricName: !Sub ${Alb.LoadBalancerName}-WAF
+        SampledRequestsEnabled: false
+
 Outputs:
   AlbArn:
     Description: The Amazon Resource Name (ARN) of the load balancer