[ aws . network-firewall ]

put-resource-policy

Description

Creates or updates an AWS Identity and Access Management policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the AWS Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.

Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform.

When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy.

• GetResourceShareInvitations - Returns the Amazon Resource Names (ARNs) of the resource share invitations.

• AcceptResourceShareInvitation - Accepts the share invitation for a specified resource share.

For additional information about resource sharing using RAM, see AWS Resource Access Manager User Guide .

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  put-resource-policy
--resource-arn <value>
--policy <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--resource-arn (string)

The Amazon Resource Name (ARN) of the account that you want to share rule groups and firewall policies with.

--policy (string)

The AWS Identity and Access Management policy statement that lists the accounts that you want to share your rule group or firewall policy with and the operations that you want the accounts to be able to perform.

For a rule group resource, you can specify the following operations in the Actions section of the statement:

• network-firewall:CreateFirewallPolicy

• network-firewall:UpdateFirewallPolicy

• network-firewall:ListRuleGroups

For a firewall policy resource, you can specify the following operations in the Actions section of the statement:

• network-firewall:CreateFirewall

• network-firewall:UpdateFirewall

• network-firewall:AssociateFirewallPolicy

• network-firewall:ListFirewallPolicies

In the Resource section of the statement, you specify the ARNs for the rule groups and firewall policies that you want to share with the account that you specified in Arn .

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Output

None