/AWS1/CL_WA2=>PUTPERMISSIONPOLICY()
¶
About PutPermissionPolicy¶
Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.
You must be the owner of the rule group to perform this operation.
This action is subject to the following restrictions:
-
You can attach only one policy with each
PutPermissionPolicy
request. -
The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.
-
The user making the request must be the owner of the rule group.
Method Signature¶
IMPORTING¶
Required arguments:¶
IV_RESOURCEARN
TYPE /AWS1/WA2RESOURCEARN
/AWS1/WA2RESOURCEARN
¶
The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.
IV_POLICY
TYPE /AWS1/WA2POLICYSTRING
/AWS1/WA2POLICYSTRING
¶
The policy to attach to the specified rule group.
The policy specifications must conform to the following:
The policy must be composed using IAM Policy version 2012-10-17.
The policy must include specifications for
Effect
,Action
, andPrincipal
.
Effect
must specifyAllow
.
Action
must specifywafv2:CreateWebACL
,wafv2:UpdateWebACL
, andwafv2:PutFirewallManagerRuleGroups
and may optionally specifywafv2:GetRuleGroup
. WAF rejects any extra actions or wildcard actions in the policy.The policy must not include a
Resource
parameter.For more information, see IAM Policies.