WAFV2 / Client / disassociate_web_acl

disassociate_web_acl#

WAFV2.Client.disassociate_web_acl(**kwargs)#

Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

For Amazon CloudFront, don’t use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.

Required permissions for customer-managed IAM policies

This call requires permissions that are specific to the protected resource type. For details, see Permissions for DisassociateWebACL in the WAF Developer Guide.

Request Syntax

response = client.disassociate_web_acl(
    ResourceArn='string'
)

Parameters:

ResourceArn (string) –

[REQUIRED]

The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.

The ARN must be in one of the following formats:

For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

(dict) –