Note
This is AWS WAF Classic documentation. You should only use this version if you created AWS WAF resources, like rules and web ACLs, in AWS WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your AWS WAF Classic resources to AWS WAF.
For the latest version of AWS WAF, see AWS WAF.
When you set up Access control and writing permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each AWS WAF Classic API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.
You can use AWS condition keys in your AWS WAF Classic policies to express conditions. For a complete list of AWS keys, see Available Keys for Conditions in the IAM User Guide.
Note
To specify an action, use the waf: prefix followed by the API operation name (for example, waf:CreateIPSet).