wafv2:DisassociateWebACL

Write

wafv2:DisassociateWebACL is a Write access-level action in the wafv2 service. Grants permission to disassociate a WebACL from an application resource

Resource types

ARNs that wafv2:DisassociateWebACL can be scoped to in an IAM policy.

arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}
agentcore-gateway
arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}
amplify-app
arn:${Partition}:apigateway:${Region}::/restapis/${ApiId}/stages/${StageName}
apigateway
arn:${Partition}:apprunner:${Region}:${Account}:service/${ServiceName}/${ServiceId}
apprunner
arn:${Partition}:appsync:${Region}:${Account}:apis/${GraphQLAPIId}
appsync
arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/app/${LoadBalancerName}/${LoadBalancerId}
loadbalancer/app/
arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}
userpool
arn:${Partition}:ec2:${Region}:${Account}:verified-access-instance/${VerifiedAccessInstanceId}
verified-access-instance

Condition keys

No condition keys are documented for this action.

Dependent actions

To use wafv2:DisassociateWebACL you may also need to grant:

Example IAM policy

A minimal policy that allows wafv2:DisassociateWebACL. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWafv2DisassociateWebACL",
      "Effect": "Allow",
      "Action": "wafv2:DisassociateWebACL",
      "Resource": "*"
    }
  ]
}

Related actions in wafv2

View all wafv2 actions →