AWS Firewall Manager
Firewall Management (API Version 2018-01-01)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Permanently deletes an AWS Firewall Manager policy.

Request Syntax

{ "DeleteAllPolicyResources": boolean, "PolicyId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


If True, the request performs cleanup according to the policy type.

For AWS WAF and Shield Advanced policies, the cleanup does the following:

  • Deletes rule groups created by AWS Firewall Manager

  • Removes web ACLs from in-scope resources

  • Deletes web ACLs that contain no rules or rule groups

For security group policies, the cleanup does the following for each security group in the policy:

  • Disassociates the security group from in-scope resources

  • Deletes the security group if it was created through Firewall Manager and if it's no longer associated with any resources through another policy

After the cleanup, in-scope resources are no longer protected by web ACLs in this policy. Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you create and accounts that you associate with the policy. When creating the policy, if you specify that only resources in specific accounts or with specific tags are in scope of the policy, those accounts and resources are handled by the policy. All others are out of scope. If you don't specify tags or accounts, all resources are in scope.

Type: Boolean

Required: No


The ID of the policy that you want to delete. PolicyId is returned by PutPolicy and by ListPolicies.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[a-z0-9A-Z-]{36}$

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


The operation failed because of a system problem, even though the request was valid. Retry your request.

HTTP Status Code: 400


The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

HTTP Status Code: 400


The specified resource was not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: