2024/10/21 - AWS WAFV2 - 2 updated api methods
Changes Add a property to WebACL to indicate whether it's been retrofitted by Firewall Manager.
{'WebACL': {'RetrofittedByFirewallManager': 'boolean'}}
Retrieves the specified WebACL.
See also: AWS API Documentation
Request Syntax
client.get_web_acl( Name='string', Scope='CLOUDFRONT'|'REGIONAL', Id='string' )
string
[REQUIRED]
The name of the web ACL. You cannot change the name of a web ACL after you create it.
string
[REQUIRED]
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
string
[REQUIRED]
The unique identifier for the web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.
dict
Response Syntax
# This section is too large to render. # Please see the AWS API Documentation linked below.
Response Structure
# This section is too large to render. # Please see the AWS API Documentation linked below.
{'WebACL': {'RetrofittedByFirewallManager': 'boolean'}}
Retrieves the WebACL for the specified resource.
This call uses GetWebACL, to verify that your account has permission to access the retrieved web ACL. If you get an error that indicates that your account isn't authorized to perform wafv2:GetWebACL on the resource, that error won't be included in your CloudTrail event history.
For Amazon CloudFront, don't use this call. Instead, call the CloudFront action GetDistributionConfig. For information, see GetDistributionConfig in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for GetWebACLForResource in the WAF Developer Guide.
See also: AWS API Documentation
Request Syntax
client.get_web_acl_for_resource( ResourceArn='string' )
string
[REQUIRED]
The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id
dict
Response Syntax
# This section is too large to render. # Please see the AWS API Documentation linked below.
Response Structure
# This section is too large to render. # Please see the AWS API Documentation linked below.