Resource-based policy examples for AWS Network Firewall

Network Firewall supports only one type of resource-based policy, called a resource policy, which is attached to a firewall policy or rule group that you share. The resource policy names the accounts that can use the shared firewall policy or rule group and the Network Firewall actions that those accounts can perform on it.

To learn how to attach a resource policy to a shared rule group or firewall policy, see Sharing firewall policies and rule groups.

Enable sharing of a firewall policy with an account

The following example resource policy is attached to a firewall policy and allows the account 123456789012 to associate that firewall policy with a firewall and to list firewall policies. In a resource policy, Principal names the accounts that you want to share the resource with, Action lists the operations that those accounts can perform, and Resource is the ARN of the firewall policy or rule group that is being shared. Note that this example uses the same placeholder account ID for the principal and in the Resource ARN; when you share across accounts, the ARN carries the ID of the account that owns the firewall policy, and Principal carries the ID of the account you are sharing it with. Replace aws-region with the Region in which the firewall policy exists.

For information about sharing resources in Network Firewall, see Sharing firewall policies and rule groups.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "123456789012"
      },
      "Action": [
        "network-firewall:AssociateFirewallPolicy",
        "network-firewall:ListFirewallPolicies"
      ],
      "Resource": "arn:aws:network-firewall:aws-region:123456789012:firewall-policy/test-action"
    }
  ]
}
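Checking a resource policy before you attach it, as an added example that is not part of the AWS documentation or the Network Firewall service. The script builds a resource policy for a shared firewall policy or rule group, checks it for the mistakes that PutResourcePolicy rejects or that make the share useless (an action the resource type does not accept, a principal that is not an AWS account, a Resource that is not the ARN being shared, or a principal that already owns the resource, as in the placeholder example above), and then attaches it with the boto3 put_resource_policy call. The accepted action sets are taken from the PutResourcePolicy API reference and should be confirmed against the current reference; the ARNs and account IDs are constructed placeholders, and the check functions and the client parameter are this example's own, not part of the Network Firewall API.

```python
"""Build, check and attach a Network Firewall resource policy for sharing."""
import json
import re

# Actions Network Firewall accepts in a resource policy, per resource type,
# taken from the PutResourcePolicy API reference (confirm against the
# current reference; the service rejects anything outside the set).
_RULE_GROUP_ACTIONS = {
    "network-firewall:CreateFirewallPolicy",
    "network-firewall:UpdateFirewallPolicy",
    "network-firewall:ListRuleGroups",
}
ALLOWED_ACTIONS = {
    "firewall-policy": {
        "network-firewall:CreateFirewall",
        "network-firewall:UpdateFirewall",
        "network-firewall:AssociateFirewallPolicy",
        "network-firewall:ListFirewallPolicies",
    },
    "stateful-rulegroup": _RULE_GROUP_ACTIONS,
    "stateless-rulegroup": _RULE_GROUP_ACTIONS,
}

# ARN shape of the shareable resource kinds (Region kept loose so the
# documentation's "aws-region" placeholder still parses).
ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:network-firewall:[a-z0-9-]+:(\d{12}):"
    r"(firewall-policy|stateful-rulegroup|stateless-rulegroup)/[A-Za-z0-9-]+$"
)
# Principal.AWS may be a bare account ID or the account's root ARN.
PRINCIPAL_RE = re.compile(r"^(?:arn:aws[a-z-]*:iam::)?(\d{12})(?::root)?$")


def parse_arn(resource_arn):
    """Return (owner_account_id, resource_type); raise on anything else."""
    m = ARN_RE.match(resource_arn)
    if not m:
        raise ValueError(f"not a shareable Network Firewall ARN: {resource_arn}")
    return m.group(1), m.group(2)


def build_resource_policy(resource_arn, account_ids, actions):
    """Policy letting `account_ids` perform `actions` on the shared resource."""
    parse_arn(resource_arn)  # fail early on a malformed ARN
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": sorted(account_ids)},
            "Action": sorted(actions),
            "Resource": resource_arn,
        }],
    }


def check_resource_policy(policy, resource_arn):
    """Return a list of problems; empty when the policy is consistent with
    what PutResourcePolicy accepts and actually shares across accounts."""
    problems = []
    owner, rtype = parse_arn(resource_arn)
    if policy.get("Version") != "2012-10-17":
        problems.append("Version must be 2012-10-17")
    for i, st in enumerate(policy.get("Statement", [])):
        where = f"Statement[{i}]"
        if st.get("Effect") != "Allow":
            problems.append(f"{where}: sharing statements must be Allow")
        if st.get("Resource") != resource_arn:
            problems.append(f"{where}: Resource must be exactly {resource_arn}")
        principal = st.get("Principal")
        # A bare "*" (anonymous) or a service principal never counts as an account.
        principals = principal.get("AWS", []) if isinstance(principal, dict) else []
        if isinstance(principals, str):
            principals = [principals]
        if not principals:
            problems.append(f"{where}: Principal.AWS names no account")
        for p in principals:
            m = PRINCIPAL_RE.match(str(p))
            if not m:
                problems.append(f"{where}: principal {p!r} is not an AWS account")
            elif m.group(1) == owner:
                problems.append(f"{where}: account {owner} already owns the resource")
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for a in sorted(set(actions) - ALLOWED_ACTIONS[rtype]):
            problems.append(f"{where}: {a} is not accepted for a {rtype}")
    return problems


def attach_resource_policy(resource_arn, policy, client=None):
    """Run the checks, then call PutResourcePolicy. `client` lets a caller
    inject a stub; otherwise a boto3 Network Firewall client is created."""
    problems = check_resource_policy(policy, resource_arn)
    if problems:
        raise ValueError("; ".join(problems))
    if client is None:
        import boto3  # imported lazily so the checks run without boto3 installed
        client = boto3.client("network-firewall")
    return client.put_resource_policy(ResourceArn=resource_arn, Policy=json.dumps(policy))
```

To share a firewall policy owned by account 111122223333 with account 444455556666 (placeholder IDs), call build_resource_policy with the firewall policy's ARN, ["444455556666"] and the two actions from the example above, then pass the result to attach_resource_policy with credentials for the owning account. The checks run before any API call, so a policy that names a rule group action on a firewall policy, or that names the owning account as the principal, is rejected locally rather than by the service.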