Added AWS::WAFv2::WebACL regular expressions

Author: JohnPreston

src/compose_x_common/aws/arns.py

@@ -25,6 +25,7 @@
 from compose_x_common.aws.sqs import SQS_QUEUE_ARN_RE
 from compose_x_common.aws.ssm_parameter import SSM_PARAMETER_ARN_RE
 from compose_x_common.aws.vpc import SUBNET_ARN_RE, VPC_ARN_RE
+from compose_x_common.aws.wafv2 import WAF_V2_WEB_ACL_ARN_RE
 
 ARNS_PER_CFN_TYPE = {
     "AWS::IAM::Role": IAM_ROLE_ARN_RE,
@@ -61,6 +62,7 @@
     "AWS::MSK::ServerlessCluster": MSK_CLUSTER_ARN_RE,
     "AWS::Glue::Registry": GLUE_SR_ARN_RE,
     "AWS::APS::Workspace": APS_WORKSPACE_ARN_RE,
+    "AWS::WAFv2::WebACL": WAF_V2_WEB_ACL_ARN_RE,
 }
 
 ARNS_PER_TAGGINGAPI_TYPE = {

src/compose_x_common/aws/wafv2.py

@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: MPL-2.0
+# Copyright 2020-2023 John Mille <[email protected]>
+
+"""AWS::WAFv2::"""
+
+import re
+
+WAF_V2_WEB_ACL_ARN_RE = re.compile(
+    r"^arn:aws(?P<partition>-[a-z]+)?:wafv2:(?P<region>[a-z\d\-]+-\d):(?P<accountid>[\d]{12}):"
+    r"(?P<scope>regional|global)/webacl/(?P<name>[\w\-_]+)/(?P<id>[\S]+)$"
+)
+
+WAF_V2_WEB_ACL_REF_RE = re.compile(
+    r"^(?P<name>[\w\-_]+)\|(?P<id>[\w\-]+)\|(?P<scope>REGIONAL|GLOBAL)$"
+)
+WAF_V2_WEB_ACL_NAMESPACE_PREFIX_RE = re.compile(
+    r"^awswaf:\d{12}:webacl:(?P<name>[\w\-_]+):"
+)

tests/test_arns.py

@@ -38,6 +38,7 @@ def valid_arns():
         "AWS::MSK::ServerlessCluster": "arn:aws:kafka:eu-west-1:123456789012:cluster/demo-cluster-1/d7e68213-0896-4839-80df-dea01b79750c-s1",
         "AWS::MSK::Configuration": "arn:aws:kafka:eu-west-1:123456789012:configuration/default-msk-331/e44a32b9-4cba-4686-a1e4-b0e72fb1baa4-8",
         "AWS::Glue::Registry": "arn:aws:glue:us-east-2:012345678912:registry/registryname-1",
+        "AWS::WAFv2::WebACL": "arn:aws:wafv2:eu-west-1:012345678912:regional/webacl/wafv2-webacl-dev/732c1718-ea9f-4370-a2a9-607f948a3cd7",
     }