Policy: AWSWAFConsoleReadOnlyAccess

ARN: arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess

Allowed Actions

Actions	Services
apigateway:GET	apigateway
apprunner:DescribeWebAclForService	apprunner
apprunner:ListAssociatedServicesForWebAcl	apprunner
apprunner:ListServices	apprunner
appsync:ListGraphqlApis	appsync
cloudfront:ListDistributions	cloudfront
cloudfront:ListDistributionsByWebACLId	cloudfront
cloudwatch:GetMetricData	cloudwatch
cloudwatch:GetMetricStatistics	cloudwatch
cloudwatch:ListMetrics	cloudwatch
cognito-idp:GetWebACLForResource	cognito-idp
cognito-idp:ListResourcesForWebACL	cognito-idp
cognito-idp:ListUserPools	cognito-idp
ec2:DescribeRegions	ec2
ec2:DescribeVerifiedAccessInstanceWebAclAssociations	ec2
ec2:DescribeVerifiedAccessInstances	ec2
ec2:GetVerifiedAccessInstanceWebAcl	ec2
elasticloadbalancing:DescribeLoadBalancers	elasticloadbalancing
waf:Get*	waf
waf:List*	waf
waf-regional:Get*	waf-regional
waf-regional:List*	waf-regional
wafv2:CheckCapacity	wafv2
wafv2:Describe*	wafv2
wafv2:Get*	wafv2
wafv2:List*	wafv2