AWS CLI Command Reference

[ aws . wafv2 ]

put-permission-policy

Description

Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.

You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.

  • The user making the request must be the owner of the rule group.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  put-permission-policy
--resource-arn <value>
--policy <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--resource-arn (string)

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

--policy (string)

The policy to attach to the specified rule group.

The policy specifications must conform to the following:

  • The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.

  • The policy must include specifications for Effect , Action , and Principal .

  • Effect must specify Allow .

  • Action must specify wafv2:CreateWebACL , wafv2:UpdateWebACL , and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup . WAF rejects any extra actions or wildcard actions in the policy.

  • The policy must not include a Resource parameter.

For more information, see IAM Policies .

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Output

None

© Copyright 2018, Amazon Web Services. Created using Sphinx.