PutResourcePolicy - AWS X-Ray

PutResourcePolicy

Sets the resource policy to grant one or more AWS services and accounts permissions to access X-Ray. Each resource policy will be associated with a specific AWS account. Each AWS account can have a maximum of 5 resource policies, and each policy name must be unique within that account. The maximum size of each resource policy is 5KB.

Request Syntax

POST /PutResourcePolicy HTTP/1.1 Content-type: application/json { "BypassPolicyLockoutCheck": boolean, "PolicyDocument": "string", "PolicyName": "string", "PolicyRevisionId": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

BypassPolicyLockoutCheck

A flag to indicate whether to bypass the resource policy lockout safety check.

Important

Setting this value to true increases the risk that the policy becomes unmanageable. Do not set this value to true indiscriminately.

Use this parameter only when you include a policy in the request and you intend to prevent the principal that is making the request from making a subsequent PutResourcePolicy request.

The default value is false.

Type: Boolean

Required: No

PolicyDocument

The resource policy document, which can be up to 5kb in size.

Type: String

Required: Yes

PolicyName

The name of the resource policy. Must be unique within a specific AWS account.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

Required: Yes

PolicyRevisionId

Specifies a specific policy revision, to ensure an atomic create operation. By default the resource policy is created if it does not exist, or updated with an incremented revision id. The revision id is unique to each policy in the account.

If the policy revision id does not match the latest revision id, the operation will fail with an InvalidPolicyRevisionIdException exception. You can also provide a PolicyRevisionId of 0. In this case, the operation will fail with an InvalidPolicyRevisionIdException exception if a resource policy with the same name already exists.

Type: String

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "ResourcePolicy": { "LastUpdatedTime": number, "PolicyDocument": "string", "PolicyName": "string", "PolicyRevisionId": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ResourcePolicy

The resource policy document, as provided in the PutResourcePolicyRequest.

Type: ResourcePolicy object

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidPolicyRevisionIdException

A policy revision id was provided which does not match the latest policy revision. This exception is also if a policy revision id of 0 is provided via PutResourcePolicy and a policy with the same name already exists.

HTTP Status Code: 400

LockoutPreventionException

The provided resource policy would prevent the caller of this request from calling PutResourcePolicy in the future.

HTTP Status Code: 400

MalformedPolicyDocumentException

Invalid policy document provided in request.

HTTP Status Code: 400

PolicyCountLimitExceededException

Exceeded the maximum number of resource policies for a target AWS account.

HTTP Status Code: 400

PolicySizeLimitExceededException

Exceeded the maximum size for a resource policy.

HTTP Status Code: 400

ThrottledException

The request exceeds the maximum number of requests per second.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: