apigateway:SetWebACL is a Permissions management access-level action in the apigateway service. Grants permission to set a WAF access control list (ACL). This is an additional authorization control for managing the Stage resource due to the sensitive nature of WebAcl's
ARNs that apigateway:SetWebACL can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants apigateway:SetWebACL.
Filters access by access log destination. Available during the CreateStage and UpdateStage operations
Filters access by access log format. Available during the CreateStage and UpdateStage operations
Filters access by access log destination of the current Stage resource. Available during the UpdateStage and DeleteStage operations
Filters access by access log format of the current Stage resource. Available during the UpdateStage and DeleteStage operations
Filters access by the tags attached to the resource
A minimal policy that allows apigateway:SetWebACL. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowApigatewaySetWebACL",
"Effect": "Allow",
"Action": "apigateway:SetWebACL",
"Resource": "*"
}
]
}