AWS WAF Regional

2018/02/20 - AWS WAF Regional - 3 new api methods

Changes  The new PermissionPolicy APIs in AWS WAF Regional allow customers to attach resource-based policies to their entities.

PutPermissionPolicy (new) Link ¶

Attaches a IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.

The PutPermissionPolicy is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The policy must include an Effect , Action and Principal .

  • Effect must specify Allow .

  • The Action in the policy must be waf:UpdateWebACL and waf-regional:UpdateWebACL . Any extra or wildcard actions in the policy will be rejected.

  • The policy cannot include a Resource parameter.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region.

  • The user making the request must be the owner of the RuleGroup.

  • Your policy must be composed using IAM Policy version 2012-10-17.

For more information, see IAM Policies .

An example of a valid policy parameter is shown in the Examples section below.

See also: AWS API Documentation

Request Syntax

client.put_permission_policy(
    ResourceArn='string',
    Policy='string'
)
type ResourceArn

string

param ResourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

type Policy

string

param Policy

[REQUIRED]

The policy to attach to the specified RuleGroup.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

GetPermissionPolicy (new) Link ¶

Returns the IAM policy attached to the RuleGroup.

See also: AWS API Documentation

Request Syntax

client.get_permission_policy(
    ResourceArn='string'
)
type ResourceArn

string

param ResourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the RuleGroup for which you want to get the policy.

rtype

dict

returns

Response Syntax

{
    'Policy': 'string'
}

Response Structure

  • (dict) --

    • Policy (string) --

      The IAM policy attached to the specified RuleGroup.

DeletePermissionPolicy (new) Link ¶

Permanently deletes an IAM policy from the specified RuleGroup.

The user making the request must be the owner of the RuleGroup.

See also: AWS API Documentation

Request Syntax

client.delete_permission_policy(
    ResourceArn='string'
)
type ResourceArn

string

param ResourceArn

[REQUIRED]

The Amazon Resource Name (ARN) of the RuleGroup from which you want to delete the policy.

The user making the request must be the owner of the RuleGroup.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --