AWS WAFV2

2024/10/21 - AWS WAFV2 - 2 updated api methods

Changes  Add a property to WebACL to indicate whether it's been retrofitted by Firewall Manager.

GetWebACL (updated) Link ¶
Changes (response)
{'WebACL': {'RetrofittedByFirewallManager': 'boolean'}}

Retrieves the specified WebACL.

See also: AWS API Documentation

Request Syntax

client.get_web_acl(
    Name='string',
    Scope='CLOUDFRONT'|'REGIONAL',
    Id='string'
)
type Name:

string

param Name:

[REQUIRED]

The name of the web ACL. You cannot change the name of a web ACL after you create it.

type Scope:

string

param Scope:

[REQUIRED]

Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

  • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

  • API and SDKs - For all calls, use the Region endpoint us-east-1.

type Id:

string

param Id:

[REQUIRED]

The unique identifier for the web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

rtype:

dict

returns:

Response Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Response Structure

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

GetWebACLForResource (updated) Link ¶
Changes (response)
{'WebACL': {'RetrofittedByFirewallManager': 'boolean'}}

Retrieves the WebACL for the specified resource.

This call uses GetWebACL, to verify that your account has permission to access the retrieved web ACL. If you get an error that indicates that your account isn't authorized to perform wafv2:GetWebACL on the resource, that error won't be included in your CloudTrail event history.

For Amazon CloudFront, don't use this call. Instead, call the CloudFront action GetDistributionConfig. For information, see GetDistributionConfig in the Amazon CloudFront API Reference.

Required permissions for customer-managed IAM policies

This call requires permissions that are specific to the protected resource type. For details, see Permissions for GetWebACLForResource in the WAF Developer Guide.

See also: AWS API Documentation

Request Syntax

client.get_web_acl_for_resource(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.

The ARN must be in one of the following formats:

  • For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

  • For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name

  • For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId

  • For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id

  • For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id

  • For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

rtype:

dict

returns:

Response Syntax

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation

Response Structure

# This section is too large to render.
# Please see the AWS API Documentation linked below.

AWS API Documentation