:doc:`WAFV2 <../../wafv2>` / Client / get_web_acl_for_resource

************************
get_web_acl_for_resource
************************



.. py:method:: WAFV2.Client.get_web_acl_for_resource(**kwargs)

  

  Retrieves the  WebACL for the specified resource.

   

  This call uses ``GetWebACL``, to verify that your account has permission to access the retrieved web ACL. If you get an error that indicates that your account isn't authorized to perform ``wafv2:GetWebACL`` on the resource, that error won't be included in your CloudTrail event history.

   

  For Amazon CloudFront, don't use this call. Instead, call the CloudFront action ``GetDistributionConfig``. For information, see `GetDistributionConfig <https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_GetDistributionConfig.html>`__ in the *Amazon CloudFront API Reference*.

   

  **Required permissions for customer-managed IAM policies**

   

  This call requires permissions that are specific to the protected resource type. For details, see `Permissions for GetWebACLForResource <https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-GetWebACLForResource>`__ in the *WAF Developer Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResource>`_  


  **Request Syntax**
  ::

    response = client.get_web_acl_for_resource(
        ResourceArn='string'
    )
    
  :type ResourceArn: string
  :param ResourceArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.

     

    The ARN must be in one of the following formats:

     

    
    * For an Application Load Balancer: ``arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id``
     
    * For an Amazon API Gateway REST API: ``arn:partition:apigateway:region::/restapis/api-id/stages/stage-name``
     
    * For an AppSync GraphQL API: ``arn:partition:appsync:region:account-id:apis/GraphQLApiId``
     
    * For an Amazon Cognito user pool: ``arn:partition:cognito-idp:region:account-id:userpool/user-pool-id``
     
    * For an App Runner service: ``arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id``
     
    * For an Amazon Web Services Verified Access instance: ``arn:partition:ec2:region:account-id:verified-access-instance/instance-id``
     
    * For an Amplify application: ``arn:partition:amplify:region:account-id:apps/app-id``
    

    

  
  
  :rtype: dict
  :returns: 
    

    **Response Syntax**
    ::

        # This section is too large to render.
        # Please see the AWS API Documentation linked below.

    `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResource>`_


    

    **Response Structure**
    ::

        # This section is too large to render.
        # Please see the AWS API Documentation linked below.

    `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResource>`_


    
  **Exceptions**
  
  *   :py:class:`WAFV2.Client.exceptions.WAFInternalErrorException`

  
  *   :py:class:`WAFV2.Client.exceptions.WAFNonexistentItemException`

  
  *   :py:class:`WAFV2.Client.exceptions.WAFInvalidParameterException`

  
  *   :py:class:`WAFV2.Client.exceptions.WAFUnavailableEntityException`

  
  *   :py:class:`WAFV2.Client.exceptions.WAFInvalidOperationException`

  