Permissions for @turbot/aws-waf
The following table lists each WAF permission and its associated grant level:
Permission | Grant Level | Help |
---|---|---|
waf:CreateByteMatchSet | Admin | Admin can create a ByteMatchSet that identifies the part of a web request for AWS WAF to inspect. |
waf:CreateGeoMatchSet | Admin | |
waf:CreateIPSet | Admin | |
waf:CreateRateBasedRule | Admin | |
waf:CreateRegexMatchSet | Admin | |
waf:CreateRegexPatternSet | Admin | |
waf:CreateRule | Admin | Admin can create a rule which contains the condition objects to block or allow access. |
waf:CreateRuleGroup | Admin | Admin can create a rule group which is a collection of predefined rules that can be added to a web ACL. |
waf:CreateSizeConstraintSet | Admin | |
waf:CreateSqlInjectionMatchSet | Admin | |
waf:CreateWebACL | Admin | Admin can create a WebACL that contains the Rules that identify the CloudFront web requests that should be allowed, blocked, or counted. |
waf:CreateWebACLMigrationStack | Admin | |
waf:CreateXssMatchSet | Admin | |
waf:DeleteByteMatchSet | Admin | |
waf:DeleteGeoMatchSet | Admin | |
waf:DeleteIPSet | Admin | |
waf:DeleteLoggingConfiguration | Admin | |
waf:DeletePermissionPolicy | Admin | Admin can permanently delete an IAM policy from the specified RuleGroup. |
waf:DeleteRateBasedRule | Admin | |
waf:DeleteRegexMatchSet | Admin | |
waf:DeleteRegexPatternSet | Admin | |
waf:DeleteRule | Admin | |
waf:DeleteRuleGroup | Admin | Admin can delete a RuleGroup. |
waf:DeleteSizeConstraintSet | Admin | |
waf:DeleteSqlInjectionMatchSet | Admin | |
waf:DeleteWebACL | Admin | Admin can delete a WebACL. |
waf:DeleteXssMatchSet | Admin | |
waf:GetByteMatchSet | Metadata | |
waf:GetChangeToken | Metadata | |
waf:GetChangeTokenStatus | Metadata | |
waf:GetGeoMatchSet | Metadata | |
waf:GetIPSet | ReadOnly | |
waf:GetLoggingConfiguration | Metadata | |
waf:GetPermissionPolicy | ReadOnly | |
waf:GetRateBasedRule | ReadOnly | |
waf:GetRateBasedRuleManagedKeys | ReadOnly | |
waf:GetRegexMatchSet | Metadata | |
waf:GetRegexPatternSet | Metadata | |
waf:GetRule | Metadata | |
waf:GetRuleGroup | Metadata | |
waf:GetSampledRequests | Metadata | |
waf:GetSizeConstraintSet | Metadata | |
waf:GetSqlInjectionMatchSet | Metadata | |
waf:GetWebACL | ReadOnly | |
waf:GetXssMatchSet | Metadata | |
waf:ListActivatedRulesInRuleGroup | Metadata | |
waf:ListByteMatchSets | Metadata | |
waf:ListGeoMatchSets | Metadata | |
waf:ListIPSets | Metadata | |
waf:ListLoggingConfigurations | Metadata | |
waf:ListRateBasedRules | Metadata | |
waf:ListRegexMatchSets | Metadata | |
waf:ListRegexPatternSets | Metadata | |
waf:ListRuleGroups | Metadata | |
waf:ListRules | Metadata | |
waf:ListSizeConstraintSets | Metadata | |
waf:ListSqlInjectionMatchSets | Metadata | |
waf:ListSubscribedRuleGroups | Metadata | |
waf:ListTagsForResource | Metadata | |
waf:ListWebACLs | Metadata | |
waf:ListXssMatchSets | Metadata | |
waf:PutLoggingConfiguration | Admin | |
waf:PutPermissionPolicy | Admin | Admin can attach an IAM policy to the specified resource. |
waf:TagResource | Operator | |
waf:UntagResource | Operator | |
waf:UpdateByteMatchSet | Admin | |
waf:UpdateGeoMatchSet | Admin | |
waf:UpdateIPSet | Admin | |
waf:UpdateRateBasedRule | Admin | |
waf:UpdateRegexMatchSet | Admin | |
waf:UpdateRegexPatternSet | Admin | |
waf:UpdateRule | Admin | |
waf:UpdateRuleGroup | Admin | Admin can insert or delete ActivatedRule objects in a RuleGroup. |
waf:UpdateSizeConstraintSet | Admin | |
waf:UpdateSqlInjectionMatchSet | Admin | |
waf:UpdateWebACL | Admin | Admin can insert or delete ActivatedRule objects in a WebACL. |
waf:UpdateXssMatchSet | Admin | |
wafv2:AssociateWebACL | Admin | |
wafv2:CheckCapacity | Metadata | |
wafv2:CreateIPSet | Admin | |
wafv2:CreateRegexPatternSet | Admin | |
wafv2:CreateRuleGroup | Admin | |
wafv2:CreateWebACL | Admin | |
wafv2:DeleteFirewallManagerRuleGroups | Admin | |
wafv2:DeleteIPSet | Admin | |
wafv2:DeleteLoggingConfiguration | Admin | |
wafv2:DeletePermissionPolicy | Admin | |
wafv2:DeleteRegexPatternSet | Admin | |
wafv2:DeleteRuleGroup | Admin | |
wafv2:DeleteWebACL | Admin | |
wafv2:DescribeManagedRuleGroup | Metadata | |
wafv2:DisassociateFirewallManager | Admin | |
wafv2:DisassociateWebACL | Admin | |
wafv2:GetIPSet | Metadata | |
wafv2:GetLoggingConfiguration | Metadata | |
wafv2:GetManagedRuleSet | Metadata | |
wafv2:GetPermissionPolicy | Metadata | |
wafv2:GetRateBasedStatementManagedKeys | Metadata | |
wafv2:GetRegexPatternSet | Metadata | |
wafv2:GetRuleGroup | Metadata | |
wafv2:GetSampledRequests | Metadata | |
wafv2:GetWebACL | Metadata | |
wafv2:GetWebACLForResource | Metadata | |
wafv2:ListAvailableManagedRuleGroups | Metadata | |
wafv2:ListIPSets | Metadata | |
wafv2:ListLoggingConfigurations | Metadata | |
wafv2:ListManagedRuleSets | Metadata | |
wafv2:ListRegexPatternSets | Metadata | |
wafv2:ListResourcesForWebACL | Metadata | |
wafv2:ListRuleGroups | Admin | |
wafv2:ListTagsForResource | Metadata | |
wafv2:ListWebACLs | Metadata | |
wafv2:PutFirewallManagerRuleGroups | Admin | |
wafv2:PutLoggingConfiguration | Admin | |
wafv2:PutManagedRuleSetVersions | Admin | |
wafv2:PutPermissionPolicy | Admin | |
wafv2:TagResource | Operator | |
wafv2:UntagResource | Operator | |
wafv2:UpdateIPSet | Admin | |
wafv2:UpdateManagedRuleSetVersionExpiryDate | Admin | |
wafv2:UpdateRegexPatternSet | Admin | |
wafv2:UpdateRuleGroup | Admin | |
wafv2:UpdateWebACL | Admin | |