wafv2:ListResourcesForWebACL

List

wafv2:ListResourcesForWebACL is a List access-level action in the wafv2 service. Grants permission to retrieve an array of the Amazon Resource Names (ARNs) for the resources that are associated with a web ACL

Resource types

ARNs that wafv2:ListResourcesForWebACL can be scoped to in an IAM policy.

arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}
webacl
arn:${Partition}:bedrock-agentcore:${Region}:${Account}:gateway/${GatewayId}
agentcore-gateway
arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}
amplify-app
arn:${Partition}:apprunner:${Region}:${Account}:service/${ServiceName}/${ServiceId}
apprunner
arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}
userpool
arn:${Partition}:ec2:${Region}:${Account}:verified-access-instance/${VerifiedAccessInstanceId}
verified-access-instance

Condition keys

Keys you can use in the Condition block of a policy that grants wafv2:ListResourcesForWebACL.

aws:ResourceTag/${TagKey} String

Filters access by tag-value associated with the resource

Dependent actions

To use wafv2:ListResourcesForWebACL you may also need to grant:

Example IAM policy

A minimal policy that allows wafv2:ListResourcesForWebACL. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWafv2ListResourcesForWebACL",
      "Effect": "Allow",
      "Action": "wafv2:ListResourcesForWebACL",
      "Resource": "*"
    }
  ]
}

Related actions in wafv2

View all wafv2 actions →