AWS WAF V2 (IAM)
AWS WAF is a web application firewall that helps protect your web applications from common web exploits.
Common permissions
- wafv2:ListWebACLs
- wafv2:GetWebACL
- wafv2:ListRuleGroups
- wafv2:GetRuleGroup
- wafv2:ListIPSets
- wafv2:GetIPSet
- wafv2:GetSampledRequests
- wafv2:GetLoggingConfiguration
Least-privilege example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "wafv2:ListWebACLs",
        "wafv2:GetWebACL",
        "wafv2:ListRuleGroups",
        "wafv2:GetRuleGroup",
        "wafv2:ListIPSets",
        "wafv2:GetIPSet",
        "wafv2:GetSampledRequests",
        "wafv2:GetLoggingConfiguration"
      ],
      "Resource": "*"
    }
  ]
}
Warnings
- Avoid wafv2:* — grants full control including web ACL and rule group deletion
- Avoid wafv2:DeleteWebACL and wafv2:DeleteRuleGroup — can remove critical web application protections
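One way to check a policy document against the two warnings above, as an added example that is not part of the original page: the function names and the sample policy are constructed for illustration, and the check covers wildcard patterns such as wafv2:* that grant the delete actions without naming them.

```python
import re

# Actions the page's warnings single out as destructive.
RISKY_ACTIONS = ("wafv2:DeleteWebACL", "wafv2:DeleteRuleGroup")

def _as_list(value):
    """IAM allows Statement and Action to be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action patterns: case-insensitive, '*' any run, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def risky_grants(policy):
    """Return sorted (statement index, Action pattern, risky action) tuples.

    Only Allow/Action is inspected; NotAction, Deny overrides and Condition
    keys are not evaluated, so a clean result is not a full policy analysis.
    """
    findings = set()
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action")):
            for risky in RISKY_ACTIONS:
                if _matches(pattern, risky):
                    findings.add((idx, pattern, risky))
    return sorted(findings)

# Constructed sample: read-only statement plus two over-broad grants.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["wafv2:ListWebACLs", "wafv2:GetWebACL"], "Resource": "*"},
        {"Effect": "Allow", "Action": "wafv2:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["wafv2:Delete*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "wafv2:DeleteRuleGroup", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for idx, pattern, risky in risky_grants(SAMPLE_POLICY):
        print(f"Statement[{idx}]: {pattern!r} allows {risky}")
```

An empty result for the least-privilege policy above confirms that none of its eight actions matches either delete action.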
Resources
API
full doc /v1/iam/wafv2