Turbot Guardrails Hub 
Hub
Mods
AWS
174
Mods
455
Resource Types
7,428
Policies
2,569
Controls
1,665
Quick Actions
534
IAM

IAM Role: AWS/WAF/Admin

PermissionGrant
waf:CreateByteMatchSetAdmin
waf:CreateGeoMatchSetAdmin
waf:CreateIPSetAdmin
waf:CreateRateBasedRuleAdmin
waf:CreateRegexMatchSetAdmin
waf:CreateRegexPatternSetAdmin
waf:CreateRuleAdmin
waf:CreateRuleGroupAdmin
waf:CreateSizeConstraintSetAdmin
waf:CreateSqlInjectionMatchSetAdmin
waf:CreateWebACLAdmin
waf:CreateWebACLMigrationStackAdmin
waf:CreateXssMatchSetAdmin
waf:DeleteByteMatchSetAdmin
waf:DeleteGeoMatchSetAdmin
waf:DeleteIPSetAdmin
waf:DeleteLoggingConfigurationAdmin
waf:DeletePermissionPolicyAdmin
waf:DeleteRateBasedRuleAdmin
waf:DeleteRegexMatchSetAdmin
waf:DeleteRegexPatternSetAdmin
waf:DeleteRuleAdmin
waf:DeleteRuleGroupAdmin
waf:DeleteSizeConstraintSetAdmin
waf:DeleteSqlInjectionMatchSetAdmin
waf:DeleteWebACLAdmin
waf:DeleteXssMatchSetAdmin
waf:PutLoggingConfigurationAdmin
waf:PutPermissionPolicyAdmin
waf:UpdateByteMatchSetAdmin
waf:UpdateGeoMatchSetAdmin
waf:UpdateIPSetAdmin
waf:UpdateRateBasedRuleAdmin
waf:UpdateRegexMatchSetAdmin
waf:UpdateRegexPatternSetAdmin
waf:UpdateRuleAdmin
waf:UpdateRuleGroupAdmin
waf:UpdateSizeConstraintSetAdmin
waf:UpdateSqlInjectionMatchSetAdmin
waf:UpdateWebACLAdmin
waf:UpdateXssMatchSetAdmin
wafv2:AssociateWebACLAdmin
wafv2:CreateIPSetAdmin
wafv2:CreateRegexPatternSetAdmin
wafv2:CreateRuleGroupAdmin
wafv2:CreateWebACLAdmin
wafv2:DeleteFirewallManagerRuleGroupsAdmin
wafv2:DeleteIPSetAdmin
wafv2:DeleteLoggingConfigurationAdmin
wafv2:DeletePermissionPolicyAdmin
wafv2:DeleteRegexPatternSetAdmin
wafv2:DeleteRuleGroupAdmin
wafv2:DeleteWebACLAdmin
wafv2:DisassociateFirewallManagerAdmin
wafv2:DisassociateWebACLAdmin
wafv2:ListRuleGroupsAdmin
wafv2:PutFirewallManagerRuleGroupsAdmin
wafv2:PutLoggingConfigurationAdmin
wafv2:PutManagedRuleSetVersionsAdmin
wafv2:PutPermissionPolicyAdmin
wafv2:UpdateIPSetAdmin
wafv2:UpdateManagedRuleSetVersionExpiryDateAdmin
wafv2:UpdateRegexPatternSetAdmin
wafv2:UpdateRuleGroupAdmin
wafv2:UpdateWebACLAdmin
waf:TagResourceOperator
waf:UntagResourceOperator
wafv2:TagResourceOperator
wafv2:UntagResourceOperator
waf:GetIPSetReadOnly
waf:GetPermissionPolicyReadOnly
waf:GetRateBasedRuleReadOnly
waf:GetRateBasedRuleManagedKeysReadOnly
waf:GetWebACLReadOnly
waf:GetByteMatchSetMetadata
waf:GetChangeTokenMetadata
waf:GetChangeTokenStatusMetadata
waf:GetGeoMatchSetMetadata
waf:GetLoggingConfigurationMetadata
waf:GetRegexMatchSetMetadata
waf:GetRegexPatternSetMetadata
waf:GetRuleMetadata
waf:GetRuleGroupMetadata
waf:GetSampledRequestsMetadata
waf:GetSizeConstraintSetMetadata
waf:GetSqlInjectionMatchSetMetadata
waf:GetXssMatchSetMetadata
waf:ListActivatedRulesInRuleGroupMetadata
waf:ListByteMatchSetsMetadata
waf:ListGeoMatchSetsMetadata
waf:ListIPSetsMetadata
waf:ListLoggingConfigurationsMetadata
waf:ListRateBasedRulesMetadata
waf:ListRegexMatchSetsMetadata
waf:ListRegexPatternSetsMetadata
waf:ListRuleGroupsMetadata
waf:ListRulesMetadata
waf:ListSizeConstraintSetsMetadata
waf:ListSqlInjectionMatchSetsMetadata
waf:ListSubscribedRuleGroupsMetadata
waf:ListTagsForResourceMetadata
waf:ListWebACLsMetadata
waf:ListXssMatchSetsMetadata
wafv2:CheckCapacityMetadata
wafv2:DescribeManagedRuleGroupMetadata
wafv2:GetIPSetMetadata
wafv2:GetLoggingConfigurationMetadata
wafv2:GetManagedRuleSetMetadata
wafv2:GetPermissionPolicyMetadata
wafv2:GetRateBasedStatementManagedKeysMetadata
wafv2:GetRegexPatternSetMetadata
wafv2:GetRuleGroupMetadata
wafv2:GetSampledRequestsMetadata
wafv2:GetWebACLMetadata
wafv2:GetWebACLForResourceMetadata
wafv2:ListAvailableManagedRuleGroupsMetadata
wafv2:ListIPSetsMetadata
wafv2:ListLoggingConfigurationsMetadata
wafv2:ListManagedRuleSetsMetadata
wafv2:ListRegexPatternSetsMetadata
wafv2:ListResourcesForWebACLMetadata
wafv2:ListTagsForResourceMetadata
wafv2:ListWebACLsMetadata