AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.

AWSShieldServiceRolePolicy details (in AWS console)

Policy Name

AWSShieldServiceRolePolicy

Description

Allows AWS Shield to access AWS resources on your behalf to provide DDoS protection.

ARN

arn:aws:iam::aws:policy/aws-service-role/AWSShieldServiceRolePolicy

Path

/aws-service-role/

PolicyId

ANPAZKAPJZG4LW6EWPBMS

AttachmentCount

wafv2 cloudfront

[
  {
    "Effect": "Allow",
    "Action": [
      "wafv2:GetWebACL",
      "wafv2:UpdateWebACL",
      "wafv2:GetWebACLForResource",
      "wafv2:ListResourcesForWebACL",
      "cloudfront:ListDistributions",
      "cloudfront:GetDistribution"
    ],
    "Resource": [
      "*"
    ]
  }
]