AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
This is AWS WAF Classic documentation. For more information, see AWS
WAF Classic in the developer guide.
For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS
WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints
for regional and global use.
Attaches an IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.
The PutPermissionPolicy
is subject to the following restrictions:
You can attach only one policy with each PutPermissionPolicy
request.
The policy must include an Effect
, Action
and Principal
.
Effect
must specify Allow
.
The Action
in the policy must be waf:UpdateWebACL
, waf-regional:UpdateWebACL
,
waf:GetRuleGroup
and waf-regional:GetRuleGroup
. Any extra or wildcard
actions in the policy will be rejected.
The policy cannot include a Resource
parameter.
The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region.
The user making the request must be the owner of the RuleGroup.
Your policy must be composed using IAM Policy version 2012-10-17.
For more information, see IAM Policies.
An example of a valid policy parameter is shown in the Examples section below.
For .NET Core this operation is only available in asynchronous form. Please refer to PutPermissionPolicyAsync.
Namespace: Amazon.WAF
Assembly: AWSSDK.WAF.dll
Version: 3.x.y.z
public virtual PutPermissionPolicyResponse PutPermissionPolicy( PutPermissionPolicyRequest request )
Container for the necessary parameters to execute the PutPermissionPolicy service method.
Exception | Condition |
---|---|
WAFInternalErrorException | The operation failed because of a system problem, even though the request was valid. Retry your request. |
WAFInvalidPermissionPolicyException | The operation failed because the specified policy is not in the proper format. The policy is subject to the following restrictions: You can attach only one policy with each PutPermissionPolicy request. The policy must include an Effect, Action and Principal. Effect must specify Allow. The Action in the policy must be waf:UpdateWebACL, waf-regional:UpdateWebACL, waf:GetRuleGroup and waf-regional:GetRuleGroup . Any extra or wildcard actions in the policy will be rejected. The policy cannot include a Resource parameter. The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region. The user making the request must be the owner of the RuleGroup. Your policy must be composed using IAM Policy version 2012-10-17. |
WAFNonexistentItemException | The operation failed because the referenced object doesn't exist. |
WAFStaleDataException | The operation failed because you tried to create, update, or delete an object by using a change token that has already been used. |
.NET Framework:
Supported in: 4.5, 4.0, 3.5