/AWS1/CL_WA2=>GETWEBACLFORRESOURCE()
¶
About GetWebACLForResource¶
Retrieves the WebACL for the specified resource.
This call uses GetWebACL
, to verify that your account has permission to access the retrieved web ACL.
If you get an error that indicates that your account isn't authorized to perform wafv2:GetWebACL
on the resource,
that error won't be included in your CloudTrail event history.
For Amazon CloudFront, don't use this call. Instead, call the CloudFront action
GetDistributionConfig
. For information, see GetDistributionConfig in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for GetWebACLForResource in the WAF Developer Guide.
Method Signature¶
IMPORTING¶
Required arguments:¶
IV_RESOURCEARN
TYPE /AWS1/WA2RESOURCEARN
/AWS1/WA2RESOURCEARN
¶
The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.
The ARN must be in one of the following formats:
For an Application Load Balancer:
arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API:
arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API:
arn:partition:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool:
arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service:
arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
For an Amazon Web Services Verified Access instance:
arn:partition:ec2:region:account-id:verified-access-instance/instance-id