put_permission_policy

put_permission_policy(**kwargs)

Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.

You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

• You can attach only one policy with each PutPermissionPolicy request.
• The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.
• The user making the request must be the owner of the rule group.

See also: AWS API Documentation

Request Syntax

response = client.put_permission_policy(
    ResourceArn='string',
    Policy='string'
)

Parameters

• ResourceArn (string) --

  [REQUIRED]

  The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

• Policy (string) --

  [REQUIRED]

  The policy to attach to the specified rule group.

  The policy specifications must conform to the following:

  • The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.
  • The policy must include specifications for Effect , Action , and Principal .
  • Effect must specify Allow .
  • Action must specify wafv2:CreateWebACL , wafv2:UpdateWebACL , and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup . WAF rejects any extra actions or wildcard actions in the policy.
  • The policy must not include a Resource parameter.

  For more information, see IAM Policies.

Return type

dict

Returns

Response Syntax

{}

Response Structure

• (dict) --

Exceptions

• WAFV2.Client.exceptions.WAFNonexistentItemException
• WAFV2.Client.exceptions.WAFInternalErrorException
• WAFV2.Client.exceptions.WAFInvalidParameterException
• WAFV2.Client.exceptions.WAFInvalidPermissionPolicyException