Hello,
I came across an issue with the IAM policy used for the Lambda function when it attempted to update the managed rule set on the managed rule set.
This is the error I received:
Error: An error occurred (AccessDeniedException) when calling the UpdateWebACL operation: User: arn:aws:sts::xxxxxxxxxxx:assumed-role/xxxxxxxxxxx/xxxxxxxxxxx is not authorized to perform: wafv2:UpdateWebACL on resource: arn:aws:wafv2:ap-southeast-2:xxxxxxxxxxx:regional/managedruleset/
To overcome this issue, I applied the following to the CFN template.
- Effect: Allow
  Action:
    - wafv2:UpdateWebACL
  Resource: !Sub 'arn:aws:wafv2:${AWS::Region}:${AWS::AccountId}:regional/managedruleset/*'
Is my workaround the best approach and is this expected behaviour?
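
An added example, not part of the original post or the project's code: it parses the action and resource out of the AccessDeniedException text above and checks which Allow statement covers them. The account id, role names and the `BEFORE` statement are constructed assumptions; only Allow statements with `Action`/`Resource` are evaluated (no Deny, `NotAction` or conditions).

```python
import re

# Constructed sample: the error text from the post, with placeholder account,
# role and session names substituted for the redacted fields.
ERROR = (
    "An error occurred (AccessDeniedException) when calling the UpdateWebACL "
    "operation: User: arn:aws:sts::111122223333:assumed-role/example-role/example-fn "
    "is not authorized to perform: wafv2:UpdateWebACL on resource: "
    "arn:aws:wafv2:ap-southeast-2:111122223333:regional/managedruleset/"
)
PREFIX = "arn:aws:wafv2:ap-southeast-2:111122223333:regional/"
# Assumption: a statement scoped to web ACLs only (the original is not shown).
BEFORE = {"Effect": "Allow", "Action": ["wafv2:UpdateWebACL"],
          "Resource": PREFIX + "webacl/*"}
# The statement from the post, with !Sub already resolved.
WORKAROUND = {"Effect": "Allow", "Action": ["wafv2:UpdateWebACL"],
              "Resource": PREFIX + "managedruleset/*"}

DENIED = re.compile(r"is not authorized to perform: (?P<action>\S+) "
                    r"on resource: (?P<resource>\S+)")

def parse_denial(message):
    """Return the (action, resource) pair named in the message, or None."""
    m = DENIED.search(message)
    return (m["action"], m["resource"]) if m else None

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters (including none), '?' is one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allows(statement, action, resource):
    """True if this Allow statement covers the action on the resource."""
    if statement.get("Effect") != "Allow":
        return False
    return (any(_glob(a, action, True) for a in _as_list(statement["Action"]))
            and any(_glob(r, resource) for r in _as_list(statement["Resource"])))

if __name__ == "__main__":
    action, resource = parse_denial(ERROR)
    for name, stmt in (("before", BEFORE), ("workaround", WORKAROUND)):
        print(name, "allows" if allows(stmt, action, resource) else "does not allow",
              action, "on", resource)
```

The resource in the error ends at `managedruleset/`, so the trailing `*` in the workaround has to match an empty string, which IAM wildcards do.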