Disassociate Web Acl
| wafv2_disassociate_web_acl | R Documentation |
Disassociates the specified regional application resource from any existing web ACL association¶
Description¶
Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront
distribution configuration. To disassociate a web ACL, provide an empty
web ACL ID in the CloudFront call UpdateDistribution. For information,
see
UpdateDistribution
in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for DisassociateWebACL in the WAF Developer Guide.
Usage¶
Arguments¶
ResourceArn[required] The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.
The ARN must be in one of the following formats:
For an Application Load Balancer:
arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-idFor an Amazon API Gateway REST API:
arn:partition:apigateway:region::/restapis/api-id/stages/stage-name For an AppSync GraphQL API:
arn:partition:appsync:region:account-id:apis/GraphQLApiIdFor an Amazon Cognito user pool:
arn:partition:cognito-idp:region:account-id:userpool/user-pool-idFor an App Runner service:
arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-idFor an Amazon Web Services Verified Access instance:
arn:partition:ec2:region:account-id:verified-access-instance/instance-id
Value¶
An empty list.