generated from amazon-archives/__template_MIT-0
Open
Description
Hello,
I came across an issue with the IAM policy used for the Lambda function when it attempted to update the managed rule set on the managed rule set.
This is the error I received:
Error: An error occurred (AccessDeniedException) when calling the UpdateWebACL operation: User: arn:aws:sts::xxxxxxxxxxx:assumed-role/xxxxxxxxxxx/xxxxxxxxxxx is not authorized to perform: wafv2:UpdateWebACL on resource: arn:aws:wafv2:ap-southeast-2:xxxxxxxxxxx:regional/managedruleset/
To overcome this issue, I applied the following to the CFN template.
```yaml
- Effect: Allow
  Action:
    - wafv2:UpdateWebACL
  Resource: !Sub 'arn:aws:wafv2:${AWS::Region}:${AWS::AccountId}:regional/managedruleset/*'
```
Is my workaround the best approach and is this expected behaviour?
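
The check below is an added example, not part of the original issue or the project's template: it parses an AccessDeniedException message of the shape quoted in the post and tests whether a set of Allow statements covers the denied action and resource, using IAM-style `*` and `?` wildcards. The account id, role and session names, and the "before" statement are constructed assumptions, since the issue does not show the template's original policy.

```python
import re

# Constructed sample with the same shape as the error in the post; the account
# id, role name and session name are placeholders.
SAMPLE_ERROR = (
    "An error occurred (AccessDeniedException) when calling the UpdateWebACL "
    "operation: User: arn:aws:sts::111111111111:assumed-role/example-role/"
    "example-session is not authorized to perform: wafv2:UpdateWebACL on "
    "resource: arn:aws:wafv2:ap-southeast-2:111111111111:regional/managedruleset/"
)
PREFIX = "arn:aws:wafv2:ap-southeast-2:111111111111:regional/"
# Assumed "before" statement (the issue does not show the template's original).
BEFORE = [{"Effect": "Allow", "Action": ["wafv2:UpdateWebACL"],
           "Resource": PREFIX + "webacl/*"}]
# The workaround from the post, with !Sub already rendered.
AFTER = BEFORE + [{"Effect": "Allow", "Action": ["wafv2:UpdateWebACL"],
                   "Resource": PREFIX + "managedruleset/*"}]

DENIED = re.compile(r"not authorized to perform: (\S+) on resource: (\S+)")

def parse_denied(message):
    """Return (action, resource ARN) from an AccessDenied message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an AccessDenied message of the expected shape")
    return m.group(1), m.group(2)

def _wild(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allows(statements, action, resource):
    """True if some Allow statement covers the pair. Deny statements,
    Condition blocks and NotAction/NotResource are not evaluated."""
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if (any(_wild(a, action, re.IGNORECASE) for a in _as_list(st["Action"]))
                and any(_wild(r, resource) for r in _as_list(st["Resource"]))):
            return True
    return False

if __name__ == "__main__":
    act, res = parse_denied(SAMPLE_ERROR)
    print(act, res, allows(BEFORE, act, res), allows(AFTER, act, res))
```

Running the same check against each new AccessDenied message shows whether a narrower `Resource` pattern than `managedruleset/*` would still cover the call.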