


# AWSWAFConsoleReadOnlyAccess
<a name="AWSWAFConsoleReadOnlyAccess"></a>

**Description**: Provides read-only access to AWS WAF through the AWS Management Console. Note that this policy also grants permissions to list Amazon CloudFront distributions, permissions to view load balancers on AWS Elastic Load Balancing, permissions to view Amazon API Gateway REST APIs and stages, permissions to list and view Amazon CloudWatch metrics, and permissions to view the regions enabled in the account.

`AWSWAFConsoleReadOnlyAccess` is an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies).

## Using this policy
<a name="AWSWAFConsoleReadOnlyAccess-how-to-use"></a>

You can attach `AWSWAFConsoleReadOnlyAccess` to your users, groups, and roles.

## Policy details
<a name="AWSWAFConsoleReadOnlyAccess-details"></a>
+ **Type**: AWS managed policy
+ **Creation time**: April 06, 2020, 18:43 UTC
+ **Edited time:** April 08, 2026, 22:27 UTC
+ **ARN**: `arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess`

## Policy version
<a name="AWSWAFConsoleReadOnlyAccess-version"></a>

**Policy version:** v20 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

## JSON policy document
<a name="AWSWAFConsoleReadOnlyAccess-json"></a>

```
{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "AllowReadOnlyOfAWSWAFClassic",
      "Effect" : "Allow",
      "Action" : [
        "waf:Get*",
        "waf:List*",
        "waf-regional:Get*",
        "waf-regional:List*"
      ],
      "Resource" : [
        "arn:aws:waf::*:bytematchset/*",
        "arn:aws:waf::*:ipset/*",
        "arn:aws:waf::*:ratebasedrule/*",
        "arn:aws:waf::*:rule/*",
        "arn:aws:waf::*:sizeconstraintset/*",
        "arn:aws:waf::*:sqlinjectionset/*",
        "arn:aws:waf::*:webacl/*",
        "arn:aws:waf::*:xssmatchset/*",
        "arn:aws:waf::*:regexmatch/*",
        "arn:aws:waf::*:regexpatternset/*",
        "arn:aws:waf::*:geomatchset/*",
        "arn:aws:waf::*:rulegroup/*",
        "arn:aws:waf:*:*:changetoken/*",
        "arn:aws:waf-regional:*:*:bytematchset/*",
        "arn:aws:waf-regional:*:*:ipset/*",
        "arn:aws:waf-regional:*:*:ratebasedrule/*",
        "arn:aws:waf-regional:*:*:rule/*",
        "arn:aws:waf-regional:*:*:sizeconstraintset/*",
        "arn:aws:waf-regional:*:*:sqlinjectionset/*",
        "arn:aws:waf-regional:*:*:webacl/*",
        "arn:aws:waf-regional:*:*:xssmatchset/*",
        "arn:aws:waf-regional:*:*:regexmatch/*",
        "arn:aws:waf-regional:*:*:regexpatternset/*",
        "arn:aws:waf-regional:*:*:geomatchset/*",
        "arn:aws:waf-regional:*:*:rulegroup/*",
        "arn:aws:waf-regional:*:*:changetoken/*"
      ]
    },
    {
      "Sid" : "AllowWAFClassicGetWebACLForResource",
      "Effect" : "Allow",
      "Action" : [
        "waf-regional:GetWebACLForResource"
      ],
      "Resource" : "arn:aws:waf-regional:*:*:*/*"
    },
    {
      "Sid" : "AllowReadOnlyOfAWSWAF",
      "Effect" : "Allow",
      "Action" : [
        "wafv2:Get*",
        "wafv2:List*",
        "wafv2:Describe*",
        "wafv2:CheckCapacity"
      ],
      "Resource" : [
        "arn:aws:wafv2:*:*:*/webacl/*/*",
        "arn:aws:wafv2:*:*:*/ipset/*/*",
        "arn:aws:wafv2:*:*:*/managedruleset/*/*",
        "arn:aws:wafv2:*:*:*/rulegroup/*/*",
        "arn:aws:wafv2:*:*:*/regexpatternset/*/*"
      ]
    },
    {
      "Sid" : "AllowEC2DescribeRegions",
      "Effect" : "Allow",
      "Action" : [
        "ec2:DescribeRegions"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowListActionsForCloudWatch",
      "Effect" : "Allow",
      "Action" : [
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionForCloudFront",
      "Effect" : "Allow",
      "Action" : [
        "cloudfront:GetDistributionConfig",
        "cloudfront:GetDistribution"
      ],
      "Resource" : "arn:aws:cloudfront::*:distribution/*"
    },
    {
      "Sid" : "AllowListActionsForCloudFront",
      "Effect" : "Allow",
      "Action" : [
        "cloudfront:ListDistributions",
        "cloudfront:ListDistributionsByWebACLId"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionForCloudFrontTenant",
      "Effect" : "Allow",
      "Action" : [
        "cloudfront:GetDistributionTenant"
      ],
      "Resource" : "arn:aws:cloudfront::*:distribution-tenant/*"
    },
    {
      "Sid" : "AllowListActionsForCloudFrontTenant",
      "Effect" : "Allow",
      "Action" : [
        "cloudfront:ListDistributionTenants",
        "cloudfront:ListDistributionTenantsByCustomization"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionsForALB",
      "Effect" : "Allow",
      "Action" : [
        "elasticloadbalancing:GetLoadBalancerWebACL"
      ],
      "Resource" : "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
    },
    {
      "Sid" : "AllowListActionsForALB",
      "Effect" : "Allow",
      "Action" : [
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeWebACLAssociation"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowListActionsForAPIGateway",
      "Effect" : "Allow",
      "Action" : [
        "apigateway:GET"
      ],
      "Resource" : "arn:aws:apigateway:*::/*"
    },
    {
      "Sid" : "AllowGetActionsForAppSync",
      "Effect" : "Allow",
      "Action" : [
        "appsync:GetWebACLForResource"
      ],
      "Resource" : "arn:aws:appsync:*:*:apis/*"
    },
    {
      "Sid" : "AllowListActionsForAppSync",
      "Effect" : "Allow",
      "Action" : [
        "appsync:ListGraphqlApis",
        "appsync:ListApis",
        "appsync:ListResourcesForWebACL"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionForCognito",
      "Effect" : "Allow",
      "Action" : [
        "cognito-idp:GetWebACLForResource"
      ],
      "Resource" : "arn:aws:cognito-idp:*:*:userpool/*"
    },
    {
      "Sid" : "AllowListActionsForCognito",
      "Effect" : "Allow",
      "Action" : [
        "cognito-idp:ListUserPools",
        "cognito-idp:ListResourcesForWebACL"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionForAppRunner",
      "Effect" : "Allow",
      "Action" : [
        "apprunner:DescribeWebAclForService"
      ],
      "Resource" : "arn:aws:apprunner:*:*:service/*/*"
    },
    {
      "Sid" : "AllowListActionsForAppRunner",
      "Effect" : "Allow",
      "Action" : [
        "apprunner:ListServices",
        "apprunner:ListAssociatedServicesForWebAcl"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionForAVA",
      "Effect" : "Allow",
      "Action" : [
        "ec2:GetVerifiedAccessInstanceWebAcl"
      ],
      "Resource" : "arn:aws:ec2:*:*:verified-access-instance/*"
    },
    {
      "Sid" : "AllowListActionsForAVA",
      "Effect" : "Allow",
      "Action" : [
        "ec2:DescribeVerifiedAccessInstances",
        "ec2:DescribeVerifiedAccessInstanceWebAclAssociations"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowGetActionForAmplify",
      "Effect" : "Allow",
      "Action" : [
        "amplify:GetWebACLForResource"
      ],
      "Resource" : "arn:aws:amplify:*:*:apps/*"
    },
    {
      "Sid" : "AllowListActionsForAmplify",
      "Effect" : "Allow",
      "Action" : [
        "amplify:ListApps",
        "amplify:ListResourcesForWebACL"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowS3ListAllMyBuckets",
      "Effect" : "Allow",
      "Action" : [
        "s3:ListAllMyBuckets"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowLogGroupDescribeActions",
      "Effect" : "Allow",
      "Action" : [
        "logs:DescribeResourcePolicies",
        "logs:DescribeLogGroups"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowListActionForFirehoseStream",
      "Effect" : "Allow",
      "Action" : [
        "firehose:ListDeliveryStreams"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowActionsForPricing",
      "Effect" : "Allow",
      "Action" : [
        "pricing:ListPriceLists",
        "pricing:GetPriceListFileUrl"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowMarketplaceViewSubscriptions",
      "Effect" : "Allow",
      "Action" : [
        "aws-marketplace:ViewSubscriptions"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowLogQueryActions",
      "Effect" : "Allow",
      "Action" : [
        "logs:StartQuery",
        "logs:DescribeQueryDefinitions",
        "logs:GetQueryResults"
      ],
      "Resource" : "arn:aws:logs:*:*:log-group:aws-waf-logs-*"
    },
    {
      "Sid" : "AllowListActionsForPricingPlanManager",
      "Effect" : "Allow",
      "Action" : [
        "pricingplanmanager:GetSubscription"
      ],
      "Resource" : "arn:aws:pricingplanmanager::*:subscription:*"
    },
    {
      "Sid" : "AllowListActionsForRoute53",
      "Effect" : "Allow",
      "Action" : [
        "route53:ListHostedZones",
        "route53:GetHostedZone"
      ],
      "Resource" : "*"
    },
    {
      "Sid" : "AllowListSubscriptionsForPricingPlanManager",
      "Effect" : "Allow",
      "Action" : [
        "pricingplanmanager:ListSubscriptions"
      ],
      "Resource" : "*"
    }
  ]
}
```
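To review how far the "read-only" label holds statement by statement, the following added example (not AWS code) scans a policy document for actions that are not named with a read-style verb, for wildcard action patterns, and for statements scoped to every resource. The names `review_policy`, `as_list` and `READ_PREFIXES` are hypothetical, the prefix list is an assumption of this example, and the embedded input is an excerpt of four statements copied from the policy above.

```python
import json

# Four statements copied from the policy document above (excerpt, not the full policy).
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowReadOnlyOfAWSWAF", "Effect": "Allow",
   "Action": ["wafv2:Get*", "wafv2:List*", "wafv2:Describe*", "wafv2:CheckCapacity"],
   "Resource": ["arn:aws:wafv2:*:*:*/webacl/*/*", "arn:aws:wafv2:*:*:*/ipset/*/*"]},
  {"Sid": "AllowListActionsForAPIGateway", "Effect": "Allow",
   "Action": ["apigateway:GET"], "Resource": "arn:aws:apigateway:*::/*"},
  {"Sid": "AllowLogQueryActions", "Effect": "Allow",
   "Action": ["logs:StartQuery", "logs:DescribeQueryDefinitions", "logs:GetQueryResults"],
   "Resource": "arn:aws:logs:*:*:log-group:aws-waf-logs-*"},
  {"Sid": "AllowS3ListAllMyBuckets", "Effect": "Allow",
   "Action": ["s3:ListAllMyBuckets"], "Resource": "*"}
]}
""")

# Assumption of this example: verbs with these prefixes are treated as read-style.
READ_PREFIXES = ("get", "list", "describe", "view")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, list) else [value]

def review_policy(policy):
    """Return (sid, finding, value) tuples for every Allow statement."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2] or action
            # IAM action names are case-insensitive, so compare in lower case.
            if not name.lower().startswith(READ_PREFIXES):
                findings.append((sid, "non-read-verb", action))
            if "*" in name:
                findings.append((sid, "wildcard-action", action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((sid, "unscoped-resource", resource))
    return findings

if __name__ == "__main__":
    for sid, finding, value in review_policy(POLICY_EXCERPT):
        print(f"{sid:32} {finding:18} {value}")
```

A finding is a prompt for manual review, not a verdict: the check looks only at action names and at a literal `*` resource, and does not evaluate wildcard ARN patterns such as `arn:aws:apigateway:*::/*`.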

## Learn more
<a name="AWSWAFConsoleReadOnlyAccess-learn-more"></a>
+ [Create a permission set using AWS managed policies in IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [Understand versioning for IAM policies](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [Get started with AWS managed policies and move toward least-privilege permissions](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)