Closed kumudt closed 5 years ago
@kumudt I think the example policy had it already:
Anw, I'm not sure if it should be updated to use
"waf-regional:AssociateWebACL",
"waf-regional:DisassociateWebACL"
instead of
"waf:AssociateWebACL",
"waf:DisassociateWebACL"
@anhpham1509 It needs
"waf-regional:GetWebACLForResource",
"waf-regional:GetWebACL",
"waf-regional:AssociateWebACL",
"waf-regional:DisassociateWebACL",
"waf:GetWebACL"
These are invalid IAM Policy Rules
"waf:AssociateWebACL",
"waf:DisassociateWebACL"
Looks like there was some error in the IAM policy example. Whenever, I set a WebACL annotation on one of the ingresses, I get the following errors.
The issue is that policy doesn't have access to the waf-regional resources.
ALB Ingress Controller Version: on both v1.0-beta4 and v1.0-beta5.
Issue got resolved after making some changes to the policy. Will create a PR for the same.