
How to get AWS WAF Classic IP Set's ARN


Where I'll use the ARN

I want to use this ARN in a policy, like below.

    "Action": [
        "waf-regional:Get*",
        "waf-regional:List*",
        "waf:Get*",
        "waf:List*"
    ],
    "Resource": "arn-that-i-need"

What I've Done

  • There is no column for ARN in the AWS WAF Classic IP Set console.

  • There is no ARN output in the AWS CLI.


Solution

  • I found it in the AWS WAF Classic docs; apparently you can see resources' ARN formats on the permissions page of a service.

    • For Global: arn:aws:waf::<root-account-id>:ipset/<ip-set-id>
    • For Regional: arn:aws:waf-regional:<region>:<account-id>:ipset/<ip-set-id>
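
An added example (not part of the original post) that builds both ARN formats above and places them in a read-only policy, with one statement per service prefix so that `waf:` actions are paired only with `waf` ARNs and `waf-regional:` actions only with `waf-regional` ARNs. The function names, the account ID and the IP set IDs are constructed for illustration, and the standard `aws` partition and the conservative ID character set are assumptions.

```python
import json
import re

ACCOUNT_RE = re.compile(r"^\d{12}$")
REGION_RE = re.compile(r"^[a-z]{2}-[a-z]+-\d$")
# Assumption: accept only letters, digits and hyphens so that a wildcard,
# slash or colon can never widen or reshape the Resource element.
IPSET_ID_RE = re.compile(r"^[A-Za-z0-9-]{1,128}$")


def ipset_arn(account_id, ip_set_id, region=None):
    """Return the WAF Classic IP set ARN; region=None means a global IP set."""
    if not ACCOUNT_RE.match(account_id):
        raise ValueError("account id must be 12 digits")
    if not IPSET_ID_RE.match(ip_set_id):
        raise ValueError("unexpected characters in IP set id")
    if region is None:
        return f"arn:aws:waf::{account_id}:ipset/{ip_set_id}"
    if not REGION_RE.match(region):
        raise ValueError("unexpected region format")
    return f"arn:aws:waf-regional:{region}:{account_id}:ipset/{ip_set_id}"


def read_only_policy(arns):
    """Group ARNs by service prefix and emit one Get*/List* statement each."""
    by_service = {}
    for arn in arns:
        service = arn.split(":")[2]  # third ARN field: "waf" or "waf-regional"
        by_service.setdefault(service, []).append(arn)
    statements = [
        {
            "Effect": "Allow",
            "Action": [f"{service}:Get*", f"{service}:List*"],
            "Resource": sorted(resources),
        }
        for service, resources in sorted(by_service.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    account = "123456789012"
    arns = [
        ipset_arn(account, "example-global-ip-set-id"),
        ipset_arn(account, "example-regional-ip-set-id", region="us-east-1"),
    ]
    print(json.dumps(read_only_policy(arns), indent=2))
```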