Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

UnauthorizedOperation in WAFv2 WebACL listing panel using an user with AWSWAFFullAccess

0

I was trying to create an user with specific permissions to access and modify their own WAF ACL, and I ran into issues by starting to see UnauthorizedOperation without any kind of information (not even if some permission was faulty) in the Web ACLs panel even having full listing and read capabilities or even any other panel more than the initial one.

I changed the user to use AWSWAFFullAccess and tried several times using other web browser and re-login to avoid any kind of session cache, but it seems that still don't have access to WAF panels.

With another account, with the AdministratorAccess policy, I have full acccess.

I looked for information in AWS official documentation but found nothing related with some kind of hard-blocking to these panels.

Argomenti
Sicurezza, identità e conformità
Tag
AWS WAFPolitiche IAM
Lingua
English
EchedeyLR
posta 2 anni fa216 visualizzazioni
1 Risposta
1
Risposta accettata

You will need to add the AWSWAFConsoleFullAccess policy to the users' permissions.

AWSWAFFullAccess only grants access to resources. Here is documentation on using identity-based policies (IAM policies) for AWS WAF (https://docs.aws.amazon.com/waf/latest/developerguide/access-control-identity-based.html)

AWS
Shahna
con risposta 2 anni fa
profile picture
TECNICO DI SUPPORTO
Monica_Lluis
verificato 2 anni fa
  • EchedeyLR
    2 anni fa

    Seems that the specific needed access was related to listing regions, which was a permission grouped inside EC2.

    I had to compare both policies and try/catch to find the specific permission.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente