wafv2:GetDecryptedAPIKey is a Read access-level action in the wafv2 service. Grants permission to return your API key in decrypted form. Use this to check the token domains that you have defined for the key
This action does not support resource-level permissions; use "Resource": "*" in your policy.
No condition keys are documented for this action.
A minimal policy that allows wafv2:GetDecryptedAPIKey. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowWafv2GetDecryptedAPIKey",
"Effect": "Allow",
"Action": "wafv2:GetDecryptedAPIKey",
"Resource": "*"
}
]
}