Complete infrastructure and integration updates

Infrastructure improvements:
- Update CloudFront distribution with ACM certificate support
- Enable custom domain aliases when certificate is available
- Add comprehensive WAF outputs for CrowdSec integration
- Update variables with current configuration defaults

New files:
- Add CrowdSec WAF integration documentation
- Add sync script for CrowdSec to WAF automation
- Add MCP configuration for development tools

Configuration updates:
- Align Terraform configuration with deployed state
- Enable ACM certificate and Route53 DNS by default
- Maintain HTTP-only origin protocol for compatibility

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
kappa
2025-09-09 15:33:36 +09:00
parent d5440630f5
commit b87947e3e3
7 changed files with 515 additions and 10 deletions

11
main.tf

@@ -35,8 +35,8 @@ resource "aws_cloudfront_distribution" "main" {
comment = "CloudFront distribution for ${var.project_name} - ${var.environment}"
default_root_object = "index.html"
# Aliases (custom domain names) - Disabled for default certificate
# aliases = var.cloudfront_aliases
# Aliases (custom domain names) - Enable when ACM certificate is available
aliases = var.create_acm_certificate ? var.cloudfront_aliases : null
# Default cache behavior
default_cache_behavior {
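Review bot: The `aliases` condition tests `var.create_acm_certificate`, which only says a certificate was requested, while the comment above it promises "when ACM certificate is available"; nothing here checks that the certificate covers the names in `var.cloudfront_aliases`. CloudFront refuses alternate domain names that the attached certificate does not cover, so a mismatch surfaces only at apply time. The other branch is silent as well: a caller who sets `var.cloudfront_aliases` with `create_acm_certificate = false` gets a distribution with no aliases and no error. Suggest a variable validation or a lifecycle precondition that fails when aliases are set without a certificate, and rewording the comment to say the aliases follow the create flag.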
@@ -74,9 +74,12 @@ resource "aws_cloudfront_distribution" "main" {
}
}
# SSL/TLS certificate - Use CloudFront default certificate (temporary)
# SSL/TLS certificate - Use ACM certificate when available
viewer_certificate {
cloudfront_default_certificate = true
acm_certificate_arn = var.create_acm_certificate ? aws_acm_certificate.main[0].arn : null
ssl_support_method = var.create_acm_certificate ? "sni-only" : null
minimum_protocol_version = var.create_acm_certificate ? "TLSv1.2_2021" : null
cloudfront_default_certificate = var.create_acm_certificate ? false : true
}
# Custom error responses
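Review bot: `acm_certificate_arn` in `viewer_certificate` reads `aws_acm_certificate.main[0].arn` directly, so nothing in this block makes the distribution wait until the certificate has been issued. If the module validates the certificate through an `aws_acm_certificate_validation` resource, reference that resource's `certificate_arn` here instead, so a first apply cannot attach a certificate that is still pending validation. Two smaller points in the same block: `minimum_protocol_version` is null on the default-certificate branch, so the `TLSv1.2_2021` floor applies only to the custom-domain path, and CloudFront's default certificate carries the TLSv1 policy, which the comment should say; and `var.create_acm_certificate ? false : true` reads more clearly as `!var.create_acm_certificate`.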