WAFV2 / Client / put_permission_policy
put_permission_policy#
- WAFV2.Client.put_permission_policy(**kwargs)#
Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.
You must be the owner of the rule group to perform this operation.
This action is subject to the following restrictions:
You can attach only one policy with each
PutPermissionPolicy
request.The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.
The user making the request must be the owner of the rule group.
See also: AWS API Documentation
Request Syntax
response = client.put_permission_policy( ResourceArn='string', Policy='string' )
- Parameters:
ResourceArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.
Policy (string) –
[REQUIRED]
The policy to attach to the specified rule group.
The policy specifications must conform to the following:
The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.
The policy must include specifications for
Effect
,Action
, andPrincipal
.Effect
must specifyAllow
.Action
must specifywafv2:CreateWebACL
,wafv2:UpdateWebACL
, andwafv2:PutFirewallManagerRuleGroups
and may optionally specifywafv2:GetRuleGroup
. WAF rejects any extra actions or wildcard actions in the policy.The policy must not include a
Resource
parameter.
For more information, see IAM Policies.
- Return type:
dict
- Returns:
Response Syntax
{}
Response Structure
(dict) –
Exceptions
WAFV2.Client.exceptions.WAFNonexistentItemException
WAFV2.Client.exceptions.WAFInternalErrorException
WAFV2.Client.exceptions.WAFInvalidParameterException
WAFV2.Client.exceptions.WAFInvalidPermissionPolicyException