Service: AWS WAF
Short Name:
waf
ARN Format:
arn:aws:waf::${Account}:${ResourceId}/${Id}ARN Regex:
^arn:aws:waf::[0-9]+:.+/.+CloudFrontFullAccess
…
AWSConfigRoleAction | Access | Reference | Description |
|---|---|---|---|
| waf:ListActivatedRulesInRuleGroup | Docs | Grants permission to retrieve an array of ActivatedRule objects | |
| waf:ListByteMatchSets | Docs | Grants permission to retrieve an array of ByteMatchSetSummary objects | |
| waf:ListGeoMatchSets | Docs | Grants permission to retrieve an array of GeoMatchSetSummary objects | |
| waf:ListIPSets | Docs | Grants permission to retrieve an array of IPSetSummary objects | |
| waf:ListLoggingConfigurations | Docs | Grants permission to retrieve an array of LoggingConfiguration objects | |
| waf:ListRateBasedRules | Docs | Grants permission to retrieve an array of RuleSummary objects | |
| waf:ListRegexMatchSets | Docs | Grants permission to retrieve an array of RegexMatchSetSummary objects | |
| waf:ListRegexPatternSets | Docs | Grants permission to retrieve an array of RegexPatternSetSummary objects | |
| waf:ListRuleGroups | Docs | Grants permission to retrieve an array of RuleGroup objects | |
| waf:ListRules | Docs | Grants permission to retrieve an array of RuleSummary objects | |
| waf:ListSizeConstraintSets | Docs | Grants permission to retrieve an array of SizeConstraintSetSummary objects | |
| waf:ListSqlInjectionMatchSets | Docs | Grants permission to retrieve an array of SqlInjectionMatchSet objects | |
| waf:ListSubscribedRuleGroups | Docs | Grants permission to retrieve an array of RuleGroup objects that you are subscribed to | |
| waf:ListWebACLs | Docs | Grants permission to retrieve an array of WebACLSummary objects | |
| waf:ListXssMatchSets | Docs | Grants permission to retrieve an array of XssMatchSet objects | |
| waf:CreateWebACL | Docs | Grants permission to create a WebACL, which contains rules for filtering web requests | |
| waf:DeletePermissionPolicy | Docs | Grants permission to delete an IAM policy from a rule group | |
| waf:DeleteWebACL | Docs | Grants permission to delete a WebACL | |
| waf:PutPermissionPolicy | Docs | Grants permission to attach an IAM policy to a rule group, to share the rule group between accounts | |
| waf:UpdateWebACL | Docs | Grants permission to insert or delete ActivatedRule objects in a WebACL | |
| waf:GetByteMatchSet | Docs | Grants permission to retrieve a ByteMatchSet | |
| waf:GetChangeToken | Docs | Grants permission to retrieve a change token to use in create, update, and delete requests | |
| waf:GetChangeTokenStatus | Docs | Grants permission to retrieve the status of a change token | |
| waf:GetGeoMatchSet | Docs | Grants permission to retrieve a GeoMatchSet | |
| waf:GetIPSet | Docs | Grants permission to retrieve an IPSet | |
| waf:GetLoggingConfiguration | Docs | Grants permission to retrieve a LoggingConfiguration for a web ACL | |
| waf:GetPermissionPolicy | Docs | Grants permission to retrieve an IAM policy for a rule group | |
| waf:GetRateBasedRule | Docs | Grants permission to retrieve a RateBasedRule | |
| waf:GetRateBasedRuleManagedKeys | Docs | Grants permission to retrieve the array of IP addresses that are currently being blocked by a RateBasedRule | |
| waf:GetRegexMatchSet | Docs | Grants permission to retrieve a RegexMatchSet | |
| waf:GetRegexPatternSet | Docs | Grants permission to retrieve a RegexPatternSet | |
| waf:GetRule | Docs | Grants permission to retrieve a Rule | |
| waf:GetRuleGroup | Docs | Grants permission to retrieve a RuleGroup | |
| waf:GetSampledRequests | Docs | Grants permission to retrieve detailed information about a sample set of web requests | |
| waf:GetSizeConstraintSet | Docs | Grants permission to retrieve a SizeConstraintSet | |
| waf:GetSqlInjectionMatchSet | Docs | Grants permission to retrieve an SqlInjectionMatchSet | |
| waf:GetWebACL | Docs | Grants permission to retrieve a WebACL | |
| waf:GetXssMatchSet | Docs | Grants permission to retrieve an XssMatchSet | |
| waf:ListTagsForResource | Docs | Grants permission to retrieve the tags for a resource | |
| waf:TagResource | Docs | Grants permission to add a Tag to a resource | |
| waf:UntagResource | Docs | Grants permission to remove a Tag from a resource | |
| waf:CreateByteMatchSet | Docs | Grants permission to create a ByteMatchSet | |
| waf:CreateGeoMatchSet | Docs | Grants permission to create a GeoMatchSet | |
| waf:CreateIPSet | Docs | Grants permission to create an IPSet | |
| waf:CreateRateBasedRule | Docs | Grants permission to create a RateBasedRule for limiting the volume of requests from a single IP address | |
| waf:CreateRegexMatchSet | Docs | Grants permission to create a RegexMatchSet | |
| waf:CreateRegexPatternSet | Docs | Grants permission to create a RegexPatternSet | |
| waf:CreateRule | Docs | Grants permission to create a Rule for filtering web requests | |
| waf:CreateRuleGroup | Docs | Grants permission to create a RuleGroup, which is a collection of predefined rules that you can use in a WebACL | |
| waf:CreateSizeConstraintSet | Docs | Grants permission to create a SizeConstraintSet | |
| waf:CreateSqlInjectionMatchSet | Docs | Grants permission to create an SqlInjectionMatchSet | |
| waf:CreateWebACLMigrationStack | Docs | Grants permission to create a CloudFormation web ACL template in an S3 bucket for the purposes of migrating the web ACL from AWS WAF Classic to AWS WAF v2 | |
| waf:CreateXssMatchSet | Docs | Grants permission to create an XssMatchSet, which you use to detect requests that contain cross-site scripting attacks | |
| waf:DeleteByteMatchSet | Docs | Grants permission to delete a ByteMatchSet | |
| waf:DeleteGeoMatchSet | Docs | Grants permission to delete a GeoMatchSet | |
| waf:DeleteIPSet | Docs | Grants permission to delete an IPSet | |
| waf:DeleteLoggingConfiguration | Docs | Grants permission to delete the LoggingConfiguration from a web ACL | |
| waf:DeleteRateBasedRule | Docs | Grants permission to delete a RateBasedRule | |
| waf:DeleteRegexMatchSet | Docs | Grants permission to delete a RegexMatchSet | |
| waf:DeleteRegexPatternSet | Docs | Grants permission to delete a RegexPatternSet | |
| waf:DeleteRule | Docs | Grants permission to delete a Rule | |
| waf:DeleteRuleGroup | Docs | Grants permission to delete a RuleGroup | |
| waf:DeleteSizeConstraintSet | Docs | Grants permission to delete a SizeConstraintSet | |
| waf:DeleteSqlInjectionMatchSet | Docs | Grants permission to delete an SqlInjectionMatchSet | |
| waf:DeleteXssMatchSet | Docs | Grants permission to delete an XssMatchSet | |
| waf:PutLoggingConfiguration | Docs | Grants permission to associate a LoggingConfiguration with a specified web ACL | |
| waf:UpdateByteMatchSet | Docs | Grants permission to insert or delete ByteMatchTuple objects in a ByteMatchSet | |
| waf:UpdateGeoMatchSet | Docs | Grants permission to insert or delete GeoMatchConstraint objects in a GeoMatchSet | |
| waf:UpdateIPSet | Docs | Grants permission to insert or delete IPSetDescriptor objects in an IPSet | |
| waf:UpdateRateBasedRule | Docs | Grants permission to modify a rate based rule | |
| waf:UpdateRegexMatchSet | Docs | Grants permission to insert or delete RegexMatchTuple objects in a RegexMatchSet | |
| waf:UpdateRegexPatternSet | Docs | Grants permission to insert or delete RegexPatternStrings in a RegexPatternSet | |
| waf:UpdateRule | Docs | Grants permission to modify a Rule | |
| waf:UpdateRuleGroup | Docs | Grants permission to insert or delete ActivatedRule objects in a RuleGroup | |
| waf:UpdateSizeConstraintSet | Docs | Grants permission to insert or delete SizeConstraint objects in a SizeConstraintSet | |
| waf:UpdateSqlInjectionMatchSet | Docs | Grants permission to insert or delete SqlInjectionMatchTuple objects in an SqlInjectionMatchSet | |
| waf:UpdateXssMatchSet | Docs | Grants permission to insert or delete XssMatchTuple objects in an XssMatchSet |
aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeys