Skip to content

Put Permission Policy

wafv2_put_permission_policy R Documentation

Use this to share a rule group with other accounts

Description

Use this to share a rule group with other accounts.

This action attaches an IAM policy to the specified resource. You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

  • You can attach only one policy with each put_permission_policy request.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.

  • The user making the request must be the owner of the rule group.

If a rule group has been shared with your account, you can access it through the call get_rule_group, and you can reference it in create_web_acl and update_web_acl. Rule groups that are shared with you don't appear in your WAF console rule groups listing.

Usage

wafv2_put_permission_policy(ResourceArn, Policy)

Arguments

ResourceArn

[required] The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

Policy

[required] The policy to attach to the specified rule group.

The policy specifications must conform to the following:

  • The policy must be composed using IAM Policy version 2012-10-17.

  • The policy must include specifications for Effect, Action, and Principal.

  • Effect must specify Allow.

  • Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup. WAF rejects any extra actions or wildcard actions in the policy.

  • The policy must not include a Resource parameter.

For more information, see IAM Policies.

Value

An empty list.

Request syntax

svc$put_permission_policy(
  ResourceArn = "string",
  Policy = "string"
)