Examples of using a WAF in front of ROSA / OSD on AWS / OCP on AWS
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
Problem Statement
Operator requires WAF (Web Application Firewall) in front of their workloads running on OpenShift (ROSA)
Operator does not want WAF running on OpenShift to ensure that OCP resources do not experience Denial of Service through handling the WAF
Quick Introduction by Paul Czarkowski & Ryan Niksch on YouTube
Solutions
Cloud Front -> WAF -> CustomDomain -> $APP
This is the preferred method and can also work with most third party WAF systems that act as a reverse proxy
Uses a custom domain, custom route, LE cert. CloudFront and WAF
Application Load Balancer -> ALB Operator -> $APP
Installs the ALB Operator, and uses the ALB to route via WAF, one ALB per app though!