apigateway:SetWebACL

Permissions management

apigateway:SetWebACL is a Permissions management access-level action in the apigateway service. Grants permission to set a WAF access control list (ACL). This is an additional authorization control for managing the Stage resource due to the sensitive nature of WebAcl's

Resource types

ARNs that apigateway:SetWebACL can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages/${StageName}
Stage
arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}/stages
Stages

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:SetWebACL.

apigateway:Request/AccessLoggingDestination String

Filters access by access log destination. Available during the CreateStage and UpdateStage operations

apigateway:Request/AccessLoggingFormat String

Filters access by access log format. Available during the CreateStage and UpdateStage operations

apigateway:Resource/AccessLoggingDestination String

Filters access by access log destination of the current Stage resource. Available during the UpdateStage and DeleteStage operations

apigateway:Resource/AccessLoggingFormat String

Filters access by access log format of the current Stage resource. Available during the UpdateStage and DeleteStage operations

aws:ResourceTag/${TagKey} String

Filters access by the tags attached to the resource

Example IAM policy

A minimal policy that allows apigateway:SetWebACL. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewaySetWebACL",
      "Effect": "Allow",
      "Action": "apigateway:SetWebACL",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →