Disclaimer: Mobb.ninja is not official Red Hat documentation - These guides may be experimental, proof of concept or early adoption. Officially supported documentation is available at https://docs.openshift.com.
Examples of using a WAF in front of ROSA / OSD on AWS / OCP on AWS
Operator requires WAF (Web Application Firewall) in front of their workloads running on OpenShift (ROSA)
Operator does not want WAF running on OpenShift to ensure that OCP resources do not experience Denial of Service through handling the WAF
Cloud Front -> WAF -> CustomDomain -> $APP
This is the preferred method and can also work with most third party WAF systems that act as a reverse proxy
Uses a custom domain, custom route, LE cert. CloudFront and WAF
Application Load Balancer -> ALB Operator -> $APP
Installs the ALB Operator, and uses the ALB to route via WAF, one ALB per app though!