AWS WAF

2018/02/20 - AWS WAF - 3 new api methods

Changes  Update waf client to latest version

PutPermissionPolicy (new) Link ¶

Attaches a IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.

The PutPermissionPolicy is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The policy must include an Effect, Action and Principal.

  • Effect must specify Allow.

  • The Action in the policy must be waf:UpdateWebACL and waf-regional:UpdateWebACL. Any extra or wildcard actions in the policy will be rejected.

  • The policy cannot include a Resource parameter.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region.

  • The user making the request must be the owner of the RuleGroup.

  • Your policy must be composed using IAM Policy version 2012-10-17.

For more information, see IAM Policies.

An example of a valid policy parameter is shown in the Examples section below.

See also: AWS API Documentation

Request Syntax

client.put_permission_policy(
    ResourceArn='string',
    Policy='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

type Policy:

string

param Policy:

[REQUIRED]

The policy to attach to the specified RuleGroup.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

GetPermissionPolicy (new) Link ¶

Returns the IAM policy attached to the RuleGroup.

See also: AWS API Documentation

Request Syntax

client.get_permission_policy(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the RuleGroup for which you want to get the policy.

rtype:

dict

returns:

Response Syntax

{
    'Policy': 'string'
}

Response Structure

  • (dict) --

    • Policy (string) --

      The IAM policy attached to the specified RuleGroup.

DeletePermissionPolicy (new) Link ¶

Permanently deletes an IAM policy from the specified RuleGroup.

The user making the request must be the owner of the RuleGroup.

See also: AWS API Documentation

Request Syntax

client.delete_permission_policy(
    ResourceArn='string'
)
type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the RuleGroup from which you want to delete the policy.

The user making the request must be the owner of the RuleGroup.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --