:doc:`WAF <../../waf>` / Client / put_permission_policy

*********************
put_permission_policy
*********************



.. py:method:: WAF.Client.put_permission_policy(**kwargs)

  

  .. note::

    

    This is **AWS WAF Classic** documentation. For more information, see `AWS WAF Classic <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html>`__ in the developer guide.

     

    **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`__. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

    

   

  Attaches an IAM policy to the specified resource. The only supported use for this action is to share a RuleGroup across accounts.

   

  The ``PutPermissionPolicy`` is subject to the following restrictions:

   

  
  * You can attach only one policy with each ``PutPermissionPolicy`` request.
   
  * The policy must include an ``Effect``, ``Action`` and ``Principal``.
   
  * ``Effect`` must specify ``Allow``.
   
  * The ``Action`` in the policy must be ``waf:UpdateWebACL``, ``waf-regional:UpdateWebACL``, ``waf:GetRuleGroup`` and ``waf-regional:GetRuleGroup`` . Any extra or wildcard actions in the policy will be rejected.
   
  * The policy cannot include a ``Resource`` parameter.
   
  * The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region.
   
  * The user making the request must be the owner of the RuleGroup.
   
  * Your policy must be composed using IAM Policy version 2012-10-17.
  

   

  For more information, see `IAM Policies <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html>`__.

   

  An example of a valid policy parameter is shown in the Examples section below.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/PutPermissionPolicy>`_  


  **Request Syntax**
  ::

    response = client.put_permission_policy(
        ResourceArn='string',
        Policy='string'
    )
    
  :type ResourceArn: string
  :param ResourceArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

    

  
  :type Policy: string
  :param Policy: **[REQUIRED]** 

    The policy to attach to the specified RuleGroup.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {}
      
    **Response Structure**

    

    - *(dict) --* 
  
  **Exceptions**
  
  *   :py:class:`WAF.Client.exceptions.WAFInternalErrorException`

  
  *   :py:class:`WAF.Client.exceptions.WAFStaleDataException`

  
  *   :py:class:`WAF.Client.exceptions.WAFNonexistentItemException`

  
  *   :py:class:`WAF.Client.exceptions.WAFInvalidPermissionPolicyException`

  