En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

UnauthorizedOperation in WAFv2 WebACL listing panel using an user with AWSWAFFullAccess

0

I was trying to create an user with specific permissions to access and modify their own WAF ACL, and I ran into issues by starting to see UnauthorizedOperation without any kind of information (not even if some permission was faulty) in the Web ACLs panel even having full listing and read capabilities or even any other panel more than the initial one.

I changed the user to use AWSWAFFullAccess and tried several times using other web browser and re-login to avoid any kind of session cache, but it seems that still don't have access to WAF panels.

With another account, with the AdministratorAccess policy, I have full acccess.

I looked for information in AWS official documentation but found nothing related with some kind of hard-blocking to these panels.

Sujets
Sécurité, identité et conformité
Balises
AWS WAFPolitiques IAM
Langue
English
EchedeyLR
demandé il y a 2 ans216 vues
1 réponse
1
Réponse acceptée

You will need to add the AWSWAFConsoleFullAccess policy to the users' permissions.

AWSWAFFullAccess only grants access to resources. Here is documentation on using identity-based policies (IAM policies) for AWS WAF (https://docs.aws.amazon.com/waf/latest/developerguide/access-control-identity-based.html)

AWS
Shahna
répondu il y a 2 ans
profile picture
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Monica_Lluis
vérifié il y a 2 ans
  • EchedeyLR
    il y a 2 ans

    Seems that the specific needed access was related to listing regions, which was a permission grouped inside EC2.

    I had to compare both policies and try/catch to find the specific permission.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents