Skip to content

/AWS1/CL_WA2=>PUTPERMISSIONPOLICY()

About PutPermissionPolicy

Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.

You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.

  • The user making the request must be the owner of the rule group.

Method Signature

IMPORTING

Required arguments:

IV_RESOURCEARN TYPE /AWS1/WA2RESOURCEARN /AWS1/WA2RESOURCEARN

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

IV_POLICY TYPE /AWS1/WA2POLICYSTRING /AWS1/WA2POLICYSTRING

The policy to attach to the specified rule group.

The policy specifications must conform to the following:

  • The policy must be composed using IAM Policy version 2012-10-17.

  • The policy must include specifications for Effect, Action, and Principal.

  • Effect must specify Allow.

  • Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup. WAF rejects any extra actions or wildcard actions in the policy.

  • The policy must not include a Resource parameter.

For more information, see IAM Policies.

RETURNING

OO_OUTPUT TYPE REF TO /AWS1/CL_WA2PUTPERMPOLICYRSP /AWS1/CL_WA2PUTPERMPOLICYRSP