disassociate_web_acl
- WAFV2.Client.disassociate_web_acl(**kwargs)
Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront, don’t use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for DisassociateWebACL in the WAF Developer Guide.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_web_acl(
    ResourceArn='string'
)
- Parameters:
ResourceArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.
The ARN must be in one of the following formats:
For an Application Load Balancer:
arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API:
arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API:
arn:partition:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool:
arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service:
arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
For an Amazon Web Services Verified Access instance:
arn:partition:ec2:region:account-id:verified-access-instance/instance-id
- Return type:
dict
- Returns:
Response Syntax
{}
Response Structure
(dict) –
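Added example (not part of the boto3 documentation): because the call returns an empty dict and leaves the resource without a web ACL, this wrapper validates the ARN against the regional formats listed above, refuses CloudFront ARNs, and records which web ACL was removed so the association can be restored. The helper names, the 12-digit account-id check and StubWafClient (a constructed offline stand-in for the real client) are assumptions of this example.

```python
import re

# ARN shapes copied from the ResourceArn formats this page lists.
_ACCT = r"\d{12}"  # assumption: account-id is a 12-digit AWS account number
REGIONAL_ARN_PATTERNS = {
    "alb": rf"elasticloadbalancing:[^:]+:{_ACCT}:loadbalancer/app/[^/]+/[^/]+",
    "apigateway": r"apigateway:[^:]+::/restapis/[^/]+/stages/[^/]+",
    "appsync": rf"appsync:[^:]+:{_ACCT}:apis/[^/]+",
    "cognito": rf"cognito-idp:[^:]+:{_ACCT}:userpool/[^/]+",
    "apprunner": rf"apprunner:[^:]+:{_ACCT}:service/[^/]+/[^/]+",
    "verified-access": rf"ec2:[^:]+:{_ACCT}:verified-access-instance/[^/]+",
}


def classify_resource_arn(arn):
    """Return the resource kind for a supported regional ARN, else raise ValueError."""
    if re.match(r"arn:[^:]+:cloudfront:", arn):
        raise ValueError("CloudFront: clear the web ACL ID with UpdateDistribution")
    for kind, body in REGIONAL_ARN_PATTERNS.items():
        if re.fullmatch(rf"arn:[^:]+:{body}", arn):
            return kind
    raise ValueError(f"unsupported resource ARN: {arn}")


def disassociate_with_audit(client, arn):
    """Look up the current web ACL, disassociate, and return a record for rollback."""
    kind = classify_resource_arn(arn)
    current = client.get_web_acl_for_resource(ResourceArn=arn).get("WebACL")
    if current is None:  # nothing associated, so there is nothing to remove
        return {"resource": arn, "kind": kind, "removed_web_acl": None}
    client.disassociate_web_acl(ResourceArn=arn)
    return {"resource": arn, "kind": kind, "removed_web_acl": current["ARN"]}


class StubWafClient:
    """Constructed stand-in for boto3.client('wafv2') so the example runs offline."""

    def __init__(self, associations):
        self.associations = dict(associations)  # resource ARN -> web ACL ARN

    def get_web_acl_for_resource(self, ResourceArn):
        acl = self.associations.get(ResourceArn)
        return {"WebACL": {"ARN": acl}} if acl else {}

    def disassociate_web_acl(self, ResourceArn):
        self.associations.pop(ResourceArn, None)
        return {}
```

With real credentials, pass boto3.client('wafv2') in place of the stub; the returned record holds the web ACL ARN needed to restore protection with associate_web_acl.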
Exceptions