Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
# AWSWAFConsoleReadOnlyAccess
**Descrizione**: fornisce l'accesso in sola lettura a AWS WAF tramite. Console di gestione AWS Tieni presente che questa politica concede anche le autorizzazioni per elencare le CloudFront distribuzioni Amazon, le autorizzazioni per visualizzare i sistemi di bilanciamento del carico su Elastic Load AWS Balancing, le autorizzazioni per visualizzare i REST e le fasi di Amazon API Gateway, le autorizzazioni per elencare e visualizzare i parametri CloudWatch Amazon e le autorizzazioni per visualizzare le regioni abilitate all'interno dell'account. APIs
`AWSWAFConsoleReadOnlyAccess`è una [politica](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) gestita.AWS
## Utilizzo di questa politica
È possibile associare la policy `AWSWAFConsoleReadOnlyAccess` a utenti, gruppi e ruoli.
## Dettagli della policy
+ **Tipo**: politica AWS gestita
+ **Ora di creazione**: 6 aprile 2020, 18:43 UTC
+ **Ora modificata:** 8 aprile 2026, 22:27 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess`
## Versione della politica
**Versione della politica:** v20 (predefinita)
La versione predefinita della politica è la versione che definisce le autorizzazioni per la politica. Quando un utente o un ruolo con la politica effettua una richiesta di accesso a una AWS risorsa, AWS controlla la versione predefinita della politica per determinare se consentire la richiesta.
## Documento di policy JSON
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "AllowReadOnlyOfAWSWAFClassic",
"Effect" : "Allow",
"Action" : [
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*"
],
"Resource" : [
"arn:aws:waf::*:bytematchset/*",
"arn:aws:waf::*:ipset/*",
"arn:aws:waf::*:ratebasedrule/*",
"arn:aws:waf::*:rule/*",
"arn:aws:waf::*:sizeconstraintset/*",
"arn:aws:waf::*:sqlinjectionset/*",
"arn:aws:waf::*:webacl/*",
"arn:aws:waf::*:xssmatchset/*",
"arn:aws:waf::*:regexmatch/*",
"arn:aws:waf::*:regexpatternset/*",
"arn:aws:waf::*:geomatchset/*",
"arn:aws:waf::*:rulegroup/*",
"arn:aws:waf:*:*:changetoken/*",
"arn:aws:waf-regional:*:*:bytematchset/*",
"arn:aws:waf-regional:*:*:ipset/*",
"arn:aws:waf-regional:*:*:ratebasedrule/*",
"arn:aws:waf-regional:*:*:rule/*",
"arn:aws:waf-regional:*:*:sizeconstraintset/*",
"arn:aws:waf-regional:*:*:sqlinjectionset/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf-regional:*:*:xssmatchset/*",
"arn:aws:waf-regional:*:*:regexmatch/*",
"arn:aws:waf-regional:*:*:regexpatternset/*",
"arn:aws:waf-regional:*:*:geomatchset/*",
"arn:aws:waf-regional:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:changetoken/*"
]
},
{
"Sid" : "AllowWAFClassicGetWebACLForResource",
"Effect" : "Allow",
"Action" : [
"waf-regional:GetWebACLForResource"
],
"Resource" : "arn:aws:waf-regional:*:*:*/*"
},
{
"Sid" : "AllowReadOnlyOfAWSWAF",
"Effect" : "Allow",
"Action" : [
"wafv2:Get*",
"wafv2:List*",
"wafv2:Describe*",
"wafv2:CheckCapacity"
],
"Resource" : [
"arn:aws:wafv2:*:*:*/webacl/*/*",
"arn:aws:wafv2:*:*:*/ipset/*/*",
"arn:aws:wafv2:*:*:*/managedruleset/*/*",
"arn:aws:wafv2:*:*:*/rulegroup/*/*",
"arn:aws:wafv2:*:*:*/regexpatternset/*/*"
]
},
{
"Sid" : "AllowEC2DescribeRegions",
"Effect" : "Allow",
"Action" : [
"ec2:DescribeRegions"
],
"Resource" : "*"
},
{
"Sid" : "AllowListActionsForCloudWatch",
"Effect" : "Allow",
"Action" : [
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionForCloudFront",
"Effect" : "Allow",
"Action" : [
"cloudfront:GetDistributionConfig",
"cloudfront:GetDistribution"
],
"Resource" : "arn:aws:cloudfront::*:distribution/*"
},
{
"Sid" : "AllowListActionsForCloudFront",
"Effect" : "Allow",
"Action" : [
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByWebACLId"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionForCloudFrontTenant",
"Effect" : "Allow",
"Action" : [
"cloudfront:GetDistributionTenant"
],
"Resource" : "arn:aws:cloudfront::*:distribution-tenant/*"
},
{
"Sid" : "AllowListActionsForCloudFrontTenant",
"Effect" : "Allow",
"Action" : [
"cloudfront:ListDistributionTenants",
"cloudfront:ListDistributionTenantsByCustomization"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionsForALB",
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:GetLoadBalancerWebACL"
],
"Resource" : "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
},
{
"Sid" : "AllowListActionsForALB",
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeWebACLAssociation"
],
"Resource" : "*"
},
{
"Sid" : "AllowListActionsForAPIGateway",
"Effect" : "Allow",
"Action" : [
"apigateway:GET"
],
"Resource" : "arn:aws:apigateway:*::/*"
},
{
"Sid" : "AllowGetActionsForAppSync",
"Effect" : "Allow",
"Action" : [
"appsync:GetWebACLForResource"
],
"Resource" : "arn:aws:appsync:*:*:apis/*"
},
{
"Sid" : "AllowListActionsForAppSync",
"Effect" : "Allow",
"Action" : [
"appsync:ListGraphqlApis",
"appsync:ListApis",
"appsync:ListResourcesForWebACL"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionForCognito",
"Effect" : "Allow",
"Action" : [
"cognito-idp:GetWebACLForResource"
],
"Resource" : "arn:aws:cognito-idp:*:*:userpool/*"
},
{
"Sid" : "AllowListActionsForCognito",
"Effect" : "Allow",
"Action" : [
"cognito-idp:ListUserPools",
"cognito-idp:ListResourcesForWebACL"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionForAppRunner",
"Effect" : "Allow",
"Action" : [
"apprunner:DescribeWebAclForService"
],
"Resource" : "arn:aws:apprunner:*:*:service/*/*"
},
{
"Sid" : "AllowListActionsForAppRunner",
"Effect" : "Allow",
"Action" : [
"apprunner:ListServices",
"apprunner:ListAssociatedServicesForWebAcl"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionForAVA",
"Effect" : "Allow",
"Action" : [
"ec2:GetVerifiedAccessInstanceWebAcl"
],
"Resource" : "arn:aws:ec2:*:*:verified-access-instance/*"
},
{
"Sid" : "AllowListActionsForAVA",
"Effect" : "Allow",
"Action" : [
"ec2:DescribeVerifiedAccessInstances",
"ec2:DescribeVerifiedAccessInstanceWebAclAssociations"
],
"Resource" : "*"
},
{
"Sid" : "AllowGetActionForAmplify",
"Effect" : "Allow",
"Action" : [
"amplify:GetWebACLForResource"
],
"Resource" : "arn:aws:amplify:*:*:apps/*"
},
{
"Sid" : "AllowListActionsForAmplify",
"Effect" : "Allow",
"Action" : [
"amplify:ListApps",
"amplify:ListResourcesForWebACL"
],
"Resource" : "*"
},
{
"Sid" : "AllowS3ListAllMyBuckets",
"Effect" : "Allow",
"Action" : [
"s3:ListAllMyBuckets"
],
"Resource" : "*"
},
{
"Sid" : "AllowLogGroupDescribeActions",
"Effect" : "Allow",
"Action" : [
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups"
],
"Resource" : "*"
},
{
"Sid" : "AllowListActionForFirehoseStream",
"Effect" : "Allow",
"Action" : [
"firehose:ListDeliveryStreams"
],
"Resource" : "*"
},
{
"Sid" : "AllowActionsForPricing",
"Effect" : "Allow",
"Action" : [
"pricing:ListPriceLists",
"pricing:GetPriceListFileUrl"
],
"Resource" : "*"
},
{
"Sid" : "AllowMarketplaceViewSubscriptions",
"Effect" : "Allow",
"Action" : [
"aws-marketplace:ViewSubscriptions"
],
"Resource" : "*"
},
{
"Sid" : "AllowLogQueryActions",
"Effect" : "Allow",
"Action" : [
"logs:StartQuery",
"logs:DescribeQueryDefinitions",
"logs:GetQueryResults"
],
"Resource" : "arn:aws:logs:*:*:log-group:aws-waf-logs-*"
},
{
"Sid" : "AllowListActionsForPricingPlanManager",
"Effect" : "Allow",
"Action" : [
"pricingplanmanager:GetSubscription"
],
"Resource" : "arn:aws:pricingplanmanager::*:subscription:*"
},
{
"Sid" : "AllowListActionsForRoute53",
"Effect" : "Allow",
"Action" : [
"route53:ListHostedZones",
"route53:GetHostedZone"
],
"Resource" : "*"
},
{
"Sid" : "AllowListSubscriptionsForPricingPlanManager",
"Effect" : "Allow",
"Action" : [
"pricingplanmanager:ListSubscriptions"
],
"Resource" : "*"
}
]
}
```
## Ulteriori informazioni
+ [Crea un set di autorizzazioni utilizzando le policy AWS gestite in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [Aggiungere e rimuovere i permessi di identità IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [Comprendi il controllo delle versioni per le politiche IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [Inizia con le policy AWS gestite e passa alle autorizzazioni con privilegi minimi](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)