putPermissionPolicy method
Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.
You must be the owner of the rule group to perform this operation.
This action is subject to the following restrictions:
-
You can attach only one policy with each
PutPermissionPolicyrequest. - The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same region.
- The user making the request must be the owner of the rule group.
May throw WAFNonexistentItemException. May throw WAFInternalErrorException. May throw WAFInvalidParameterException. May throw WAFInvalidPermissionPolicyException.
Parameter policy :
The policy to attach to the specified rule group.
The policy specifications must conform to the following:
- The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.
-
The policy must include specifications for
Effect,Action, andPrincipal. -
Effectmust specifyAllow. -
Actionmust specifywafv2:CreateWebACL,wafv2:UpdateWebACL, andwafv2:PutFirewallManagerRuleGroups. AWS WAF rejects any extra actions or wildcard actions in the policy. -
The policy must not include a
Resourceparameter.
Parameter resourceArn :
The Amazon Resource Name (ARN) of the RuleGroup to which you want
to attach the policy.
Implementation
Future<void> putPermissionPolicy({
required String policy,
required String resourceArn,
}) async {
ArgumentError.checkNotNull(policy, 'policy');
_s.validateStringLength(
'policy',
policy,
1,
395000,
isRequired: true,
);
ArgumentError.checkNotNull(resourceArn, 'resourceArn');
_s.validateStringLength(
'resourceArn',
resourceArn,
20,
2048,
isRequired: true,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'AWSWAF_20190729.PutPermissionPolicy'
};
await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'Policy': policy,
'ResourceArn': resourceArn,
},
);
}