Cookie の設定を選択する

当社は、当社のサイトおよびサービスを提供するために必要な必須 Cookie および類似のツールを使用しています。当社は、パフォーマンス Cookie を使用して匿名の統計情報を収集することで、お客様が当社のサイトをどのように利用しているかを把握し、改善に役立てています。必須 Cookie は無効化できませんが、[カスタマイズ] または [拒否] をクリックしてパフォーマンス Cookie を拒否することはできます。

お客様が同意した場合、AWS および承認された第三者は、Cookie を使用して便利なサイト機能を提供したり、お客様の選択を記憶したり、関連する広告を含む関連コンテンツを表示したりします。すべての必須ではない Cookie を受け入れるか拒否するには、[受け入れる] または [拒否] をクリックしてください。より詳細な選択を行うには、[カスタマイズ] をクリックしてください。

設定
お問い合わせ
フィードバック
AWS Documentation
今すぐ無料サインアップ »
PutPermissionPolicy - AWS WAFV2
Request SyntaxRequest ParametersResponse ElementsErrorsExamplesSee Also
このページはお客様の言語に翻訳されていません。 翻訳のリクエスト

PutPermissionPolicy

PDF

Use this to share a rule group with other accounts.

This action attaches an IAM policy to the specified resource. You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The ARN in the request must be a valid AWS WAF RuleGroup ARN and the rule group must exist in the same Region.

  • The user making the request must be the owner of the rule group.

If a rule group has been shared with your account, you can access it through the call GetRuleGroup, and you can reference it in CreateWebACL and UpdateWebACL. Rule groups that are shared with you don't appear in your AWS WAF console rule groups listing.

Request Syntax

{
   "Policy": "string",
   "ResourceArn": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Policy

The policy to attach to the specified rule group.

The policy specifications must conform to the following:

  • The policy must be composed using IAM Policy version 2012-10-17.

  • The policy must include specifications for Effect, Action, and Principal.

  • Effect must specify Allow.

  • Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup. AWS WAF rejects any extra actions or wildcard actions in the policy.

  • The policy must not include a Resource parameter.

For more information, see IAM Policies.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 395000.

Pattern: .*\S.*

Required: Yes

ResourceArn

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: .*\S.*

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

WAFInternalErrorException

Your request is valid, but AWS WAF couldn’t perform the operation because of a system problem. Retry your request.

HTTP Status Code: 500

WAFInvalidParameterException

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified a parameter name or value that isn't valid.

  • Your nested statement isn't valid. You might have tried to nest a statement that can’t be nested.

  • You tried to update a WebACL with a DefaultAction that isn't among the types available at DefaultAction.

  • Your request references an ARN that is malformed, or corresponds to a resource with which a web ACL can't be associated.

HTTP Status Code: 400

WAFInvalidPermissionPolicyException

The operation failed because the specified policy isn't in the proper format.

The policy specifications must conform to the following:

  • The policy must be composed using IAM Policy version 2012-10-17.

  • The policy must include specifications for Effect, Action, and Principal.

  • Effect must specify Allow.

  • Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup. AWS WAF rejects any extra actions or wildcard actions in the policy.

  • The policy must not include a Resource parameter.

For more information, see IAM Policies.

HTTP Status Code: 400

WAFNonexistentItemException

AWS WAF couldn’t perform the operation because your resource doesn't exist. If you've just created a resource that you're using in this operation, you might just need to wait a few minutes. It can take from a few seconds to a number of minutes for changes to propagate.

HTTP Status Code: 400

Examples

Share a rule group with another account

This example illustrates one usage of PutPermissionPolicy.

{
   "Version": "2012-10-17",
    "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
              "AWS": "arn:aws:iam::111111111111:user/UserName"
          },
          "Action": [
               "wafv2:CreateWebACL", 
               "wafv2:UpdateWebACL",
               "wafv2:PutFirewallManagerRuleGroups",
               "wafv2:GetRuleGroup"

          ]
        }
    ]
}

Example put permission policy call for the CLI:

This example illustrates one usage of PutPermissionPolicy.

aws wafv2 put-permission-policy --resource-arn arn:aws:wafv2:us-east-1:989717579876:regional/rulegroup/rule_group_with_rules/exampleRuleGroupArn --policy '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111111111111:user/ExampleUserName"},"Action":["wafv2:UpdateWebACL","wafv2:CreateWebACL","wafv2:PutFirewallManagerRuleGroups"]}]}'

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

次のトピック

TagResource

前のトピック:

PutManagedRuleSetVersions

ヘルプが必要ですか?

プライバシーサイト規約Cookie の設定
© 2025, Amazon Web Services, Inc. or its affiliates.All rights reserved.