By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

UnauthorizedOperation in WAFv2 WebACL listing panel using an user with AWSWAFFullAccess

0

I was trying to create an user with specific permissions to access and modify their own WAF ACL, and I ran into issues by starting to see UnauthorizedOperation without any kind of information (not even if some permission was faulty) in the Web ACLs panel even having full listing and read capabilities or even any other panel more than the initial one.

I changed the user to use AWSWAFFullAccess and tried several times using other web browser and re-login to avoid any kind of session cache, but it seems that still don't have access to WAF panels.

With another account, with the AdministratorAccess policy, I have full acccess.

I looked for information in AWS official documentation but found nothing related with some kind of hard-blocking to these panels.

Topics
Security, Identity, & Compliance
Tags
AWS WAFIAM Policies
Language
English
EchedeyLR
asked 2 years ago207 views
1 Answer
1
Accepted Answer

You will need to add the AWSWAFConsoleFullAccess policy to the users' permissions.

AWSWAFFullAccess only grants access to resources. Here is documentation on using identity-based policies (IAM policies) for AWS WAF (https://docs.aws.amazon.com/waf/latest/developerguide/access-control-identity-based.html)

AWS
Shahna
answered 2 years ago
profile picture
SUPPORT ENGINEER
Monica_Lluis
reviewed 2 years ago
  • EchedeyLR
    2 years ago

    Seems that the specific needed access was related to listing regions, which was a permission grouped inside EC2.

    I had to compare both policies and try/catch to find the specific permission.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content