# Web ACLs ### Retrieve a list of web access control lists (Web ACLs) available in your AWS accountawswafv2list-web-acls--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve details about the specified Web ACLawswafv2get-web-acl--name<value>--id<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve a list of resources associated with a specific web access control list (Web ACL)awswafv2list-resources-for-web-acl--web-acl-arn<value># Additional permissions needed depending on the protected resource type: cognito-idp:ListResourcesForWebACL, ec2:DescribeVerifiedAccessInstanceWebAclAssociations or apprunner:ListAssociatedServicesForWebAcl## Retrieve the Web ACL associated with the specified AWS resourceawswafv2get-web-acl-for-resource--resource-arn<arn># Additional permissions needed depending on the protected resource type: cognito-idp:GetWebACLForResource, ec2:GetVerifiedAccessInstanceWebAcl, wafv2:GetWebACL or apprunner:DescribeWebAclForService# Rule groups ### List of the rule groups available in your AWS accountawswafv2list-rule-groups--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve the details of a specific rule groupawswafv2get-rule-group [--name <value>] [--id <value>] [--arn <value>] [--scope <REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>]## Retrieve the IAM policy attached to the specified rule groupawswafv2get-permission-policy--resource-arn<rule-group-arn># Just the owner of the Rule Group can do this operation# Managed rule groups (by AWS or by a third-party) ### List the managed rule groups that are availableawswafv2list-available-managed-rule-groups--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## List the available versions of the specified managed rule groupawswafv2list-available-managed-rule-group-versions--vendor-name<value>--name<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve high-level information about a specific managed rule groupawswafv2describe-managed-rule-group--vendor-name<value>--name<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1> [--version-name <value>]## Retrieve high-level information about all managed rule groupsawswafv2describe-all-managed-products--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve high-level information about all managed rule groups from a specific vendorawswafv2describe-managed-products-by-vendor--vendor-name<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1># IP sets ### List the IP sets that are available in your AWS accountawswafv2list-ip-sets--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve the specific IP setawswafv2get-ip-set--name<value>--id<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve the keys that are currently being managed by a rate-based rule.awswafv2get-rate-based-statement-managed-keys--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>\--web-acl-name<value>--web-acl-id<value>--rule-name<value> [--rule-group-rule-name <value>]# Regex pattern sets ### List all the regex pattern sets that you manageawswafv2list-regex-pattern-sets--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieves the specified regex pattern setsawswafv2get-regex-pattern-set--name<value>--id<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1># API Keys ### List API keys for the specified scopeawswafv2list-api-keys--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>## Retrieve decrypted API keyawswafv2get-decrypted-api-key--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>--api-key<value># Logs ### List of logging configurations (storage location of the logs)awswafv2list-logging-configurations--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1> [--log-scope <value>]## Retrieve the logging configuration settings associated with a specific web ACLawswafv2get-logging-configuration--resource-arn<value> [--log-scope <CUSTOMER|SECURITY_LAKE>] [--log-type <value>]# Miscelaneous ### Retrieve a list of the tags associated to the specified resourceawswafv2list-tags-for-resourceresource-arn<value>## Retrieve a sample of web requests that match a specified rule within a WebACL during a specified time rangeawswafv2get-sampled-requests--web-acl-arn<value>--rule-metric-name<value>--time-window<value>--max-items<1-500>--scope<value>## Obtains the web ACL capacity unit (WCU) requirements for a specified scope and rulesetawswafv2check-capacity--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>--rules<value>## List of available releases for the AWS WAFv2 mobile SDKawswafv2list-mobile-sdk-releases--platform<IOS|ANDROID>## Retrieves information for the specified mobile SDK releaseawswafv2get-mobile-sdk-release--platform<value>--release-version<value>
# Create IP setawswafv2create-ip-set--name<value>--ip-address-version<IPV4|IPV6> --addresses<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1># Update IP setawswafv2update-ip-set--name<value>--id<value>--addresses<value>--lock-token<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1># Delete IP setawswafv2delete-ip-set--name<value>--id<value>--lock-token<value>--scope<REGIONAL--region=<value>|CLOUDFRONT--region=us-east-1>
