本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWSWAFFullAccess
描述:提供对 AWS WAF 操作的完全访问权限。
AWSWAFFullAccess是一个AWS 托管策略。
使用此策略
您可以将 AWSWAFFullAccess 附加到您的用户、组和角色。
策略详细信息
-
类型: AWS 托管策略
-
创建时间:2015 年 10 月 6 日 20:44 UTC
-
编辑时间:2023 年 6 月 5 日 20:55 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSWAFFullAccess
策略版本
策略版本:v11(默认)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AllowUseOfAWSWAF", "Effect" : "Allow", "Action" : [ "waf:*", "waf-regional:*", "wafv2:*", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "appsync:SetWebACL", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", "cognito-idp:AssociateWebACL", "cognito-idp:DisassociateWebACL", "cognito-idp:ListResourcesForWebACL", "cognito-idp:GetWebACLForResource", "apprunner:AssociateWebAcl", "apprunner:DisassociateWebAcl", "apprunner:DescribeWebAclForService", "apprunner:ListServices", "apprunner:ListAssociatedServicesForWebAcl", "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", "ec2:GetVerifiedAccessInstanceWebAcl" ], "Resource" : "*" }, { "Sid" : "AllowLogDeliverySubscription", "Effect" : "Allow", "Action" : [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery" ], "Resource" : "*" }, { "Sid" : "GrantLogDeliveryPermissionForS3Bucket", "Effect" : "Allow", "Action" : [ "s3:PutBucketPolicy", "s3:GetBucketPolicy" ], "Resource" : [ "arn:aws:s3:::aws-waf-logs-*" ] }, { "Sid" : "GrantLogDeliveryPermissionForCloudWatchLogGroup", "Effect" : "Allow", "Action" : [ "logs:PutResourcePolicy" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "wafv2.amazonaws.com" ] } } } ] }
了解更多信息
