AWS CLI Command Reference

Navigation

Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

Note: You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . waf ]

put-permission-policy

Description

Note

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide . With the latest version, AWS WAF has a single set of endpoints for regional and global use.

Attaches an IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.

The PutPermissionPolicy is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.
  • The policy must include an Effect , Action and Principal .
  • Effect must specify Allow .
  • The Action in the policy must be waf:UpdateWebACL , waf-regional:UpdateWebACL , waf:GetRuleGroup and waf-regional:GetRuleGroup . Any extra or wildcard actions in the policy will be rejected.
  • The policy cannot include a Resource parameter.
  • The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region.
  • The user making the request must be the owner of the RuleGroup.
  • Your policy must be composed using IAM Policy version 2012-10-17.

For more information, see IAM Policies .

An example of a valid policy parameter is shown in the Examples section below.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  put-permission-policy
--resource-arn <value>
--policy <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--resource-arn (string)

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

--policy (string)

The policy to attach to the specified RuleGroup.

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Output

None

Navigation