diff --git a/terraform/cloudwatch.tf b/terraform/cloudwatch.tf
index db0d5ab..a64f299 100644
--- a/terraform/cloudwatch.tf
+++ b/terraform/cloudwatch.tf
@@ -10,8 +10,9 @@ resource "aws_cloudwatch_log_group" "ecs" {
 
 # CloudWatch Log Group for WAF Logs
 # Logs all WAF activity including blocked requests
+# Note: WAF log group names must start with "aws-waf-logs-"
 resource "aws_cloudwatch_log_group" "waf" {
-  name              = "/aws/waf/${var.name_prefix}"
+  name              = "aws-waf-logs-${var.name_prefix}"
   retention_in_days = 30 # Extended retention for security compliance
 
   tags = {
diff --git a/terraform/providers.tf b/terraform/providers.tf
index 946b1e7..7889e1c 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -29,4 +29,9 @@ provider "aws" {
 
 provider "github" {
   owner = var.github_owner
+  app_auth {
+    id              = var.github_app_id
+    installation_id = var.github_app_installation_id
+    pem_file        = var.github_app_pem_file
+  }
 }
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
index f43e884..c4c343d 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -137,3 +137,18 @@ variable "github_repo" {
   type        = string
   default     = "drupal-example"
 }
+
+variable "github_app_id" {
+  description = "GitHub App ID"
+  type        = string
+}
+
+variable "github_app_installation_id" {
+  description = "GitHub App Installation ID"
+  type        = string
+}
+
+variable "github_app_pem_file" {
+  description = "GitHub App PEM file"
+  type        = string
+}