putPermissionPolicy method
Use this to share a rule group with other accounts.
This action attaches an IAM policy to the specified resource. You must be the owner of the rule group to perform this operation.
This action is subject to the following restrictions:
-
You can attach only one policy with each
PutPermissionPolicyrequest. - The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.
- The user making the request must be the owner of the rule group.
GetRuleGroup, and you can reference it in
CreateWebACL and UpdateWebACL. Rule groups that
are shared with you don't appear in your WAF console rule groups listing.
May throw WAFInternalErrorException.
May throw WAFInvalidParameterException.
May throw WAFInvalidPermissionPolicyException.
May throw WAFNonexistentItemException.
Parameter policy :
The policy to attach to the specified rule group.
The policy specifications must conform to the following:
- The policy must be composed using IAM Policy version 2012-10-17.
-
The policy must include specifications for
Effect,Action, andPrincipal. -
Effectmust specifyAllow. -
Actionmust specifywafv2:CreateWebACL,wafv2:UpdateWebACL, andwafv2:PutFirewallManagerRuleGroupsand may optionally specifywafv2:GetRuleGroup. WAF rejects any extra actions or wildcard actions in the policy. -
The policy must not include a
Resourceparameter.
Parameter resourceArn :
The Amazon Resource Name (ARN) of the RuleGroup to which you want
to attach the policy.
Implementation
Future<void> putPermissionPolicy({
required String policy,
required String resourceArn,
}) async {
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'AWSWAF_20190729.PutPermissionPolicy'
};
await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'Policy': policy,
'ResourceArn': resourceArn,
},
);
}