AWS SDK for PHP 3.x

Service ID: ram

Version: 2018-01-04

This page describes the parameters and results for the operations of the AWS Resource Access Manager (2018-01-04), and shows how to use the Aws\RAM\RAMClient object to call the described operations. This documentation is specific to the 2018-01-04 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AcceptResourceShareInvitation ( array $params = [] )
Accepts an invitation to a resource share from another Amazon Web Services account.
AssociateResourceShare ( array $params = [] )
Adds the specified list of principals and list of resources to a resource share.
AssociateResourceSharePermission ( array $params = [] )
Adds or replaces the RAM permission for a resource type included in a resource share.
CreateResourceShare ( array $params = [] )
Creates a resource share.
DeleteResourceShare ( array $params = [] )
Deletes the specified resource share.
DisassociateResourceShare ( array $params = [] )
Disassociates the specified principals or resources from the specified resource share.
DisassociateResourceSharePermission ( array $params = [] )
Disassociates an RAM permission from a resource share.
EnableSharingWithAwsOrganization ( array $params = [] )
Enables resource sharing within your organization in Organizations.
GetPermission ( array $params = [] )
Gets the contents of an RAM permission in JSON format.
GetResourcePolicies ( array $params = [] )
Retrieves the resource policies for the specified resources that you own and have shared.
GetResourceShareAssociations ( array $params = [] )
Retrieves the resource and principal associations for resource shares that you own.
GetResourceShareInvitations ( array $params = [] )
Retrieves details about invitations that you have received for resource shares.
GetResourceShares ( array $params = [] )
Retrieves details about the resource shares that you own or that are shared with you.
ListPendingInvitationResources ( array $params = [] )
Lists the resources in a resource share that is shared with you but for which the invitation is still PENDING.
ListPermissionVersions ( array $params = [] )
Lists the available versions of the specified RAM permission.
ListPermissions ( array $params = [] )
Retrieves a list of available RAM permissions that you can use for the supported resource types.
ListPrincipals ( array $params = [] )
Lists the principals that you are sharing resources with or that are sharing resources with you.
ListResourceSharePermissions ( array $params = [] )
Lists the RAM permissions that are associated with a resource share.
ListResourceTypes ( array $params = [] )
Lists the resource types that can be shared by RAM.
ListResources ( array $params = [] )
Lists the resources that you added to a resource share or the resources that are shared with you.
PromoteResourceShareCreatedFromPolicy ( array $params = [] )
When you attach a resource-based permission policy to a resource, it automatically creates a resource share.
RejectResourceShareInvitation ( array $params = [] )
Rejects an invitation to a resource share from another Amazon Web Services account.
TagResource ( array $params = [] )
Adds the specified tag keys and values to the specified resource share.
UntagResource ( array $params = [] )
Removes the specified tag key and value pairs from the specified resource share.
UpdateResourceShare ( array $params = [] )
Modifies some of the properties of the specified resource share.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

GetResourcePolicies
GetResourceShareAssociations
GetResourceShareInvitations
GetResourceShares
ListPendingInvitationResources
ListPermissionVersions
ListPermissions
ListPrincipals
ListResourceSharePermissions
ListResourceTypes
ListResources

Operations

AcceptResourceShareInvitation

$result = $client->acceptResourceShareInvitation([/* ... */]);
$promise = $client->acceptResourceShareInvitationAsync([/* ... */]);

Accepts an invitation to a resource share from another Amazon Web Services account. After you accept the invitation, the resources included in the resource share are available to interact with in the relevant Amazon Web Services Management Consoles and tools.

Parameter Syntax

$result = $client->acceptResourceShareInvitation([
    'clientToken' => '<string>',
    'resourceShareInvitationArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then Amazon Web Services generates a random one for you.

resourceShareInvitationArn

Required: Yes
Type: string

The Amazon Resoure Name (ARN) of the invitation that you want to accept.

Result Syntax

[
    'clientToken' => '<string>',
    'resourceShareInvitation' => [
        'invitationTimestamp' => <DateTime>,
        'receiverAccountId' => '<string>',
        'receiverArn' => '<string>',
        'resourceShareArn' => '<string>',
        'resourceShareAssociations' => [
            [
                'associatedEntity' => '<string>',
                'associationType' => 'PRINCIPAL|RESOURCE',
                'creationTime' => <DateTime>,
                'external' => true || false,
                'lastUpdatedTime' => <DateTime>,
                'resourceShareArn' => '<string>',
                'resourceShareName' => '<string>',
                'status' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
                'statusMessage' => '<string>',
            ],
            // ...
        ],
        'resourceShareInvitationArn' => '<string>',
        'resourceShareName' => '<string>',
        'senderAccountId' => '<string>',
        'status' => 'PENDING|ACCEPTED|REJECTED|EXPIRED',
    ],
]

Result Details

Members

clientToken

Type: string

The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.

resourceShareInvitation

Type: ResourceShareInvitation structure

An object that contains information about the specified invitation.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ResourceShareInvitationArnNotFoundException:
The specified Amazon Resource Name (ARN) for an invitation was not found.
ResourceShareInvitationAlreadyAcceptedException:
The specified invitation was already accepted.
ResourceShareInvitationAlreadyRejectedException:
The specified invitation was already rejected.
ResourceShareInvitationExpiredException:
The specified invitation is expired.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
InvalidClientTokenException:
The client token is not valid.
IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.

AssociateResourceShare

$result = $client->associateResourceShare([/* ... */]);
$promise = $client->associateResourceShareAsync([/* ... */]);

Adds the specified list of principals and list of resources to a resource share. Principals that already have access to this resource share immediately receive access to the added resources. Newly added principals immediately receive access to the resources shared in this resource share.

Parameter Syntax

$result = $client->associateResourceShare([
    'clientToken' => '<string>',
    'principals' => ['<string>', ...],
    'resourceArns' => ['<string>', ...],
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

principals

Type: Array of strings

Specifies a list of principals to whom you want to the resource share. This can be null if you want to add only resources.

What the principals can do with the resources in the share is determined by the RAM permissions that you associate with the resource share. See AssociateResourceSharePermission.

You can include the following values:

An Amazon Web Services account ID, for example: 123456789012
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
An ARN of an IAM role, for example: iam::123456789012:role/rolename
An ARN of an IAM user, for example: iam::123456789012user/username

Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.

resourceArns

Type: Array of strings

Specifies a list of Amazon Resource Names (ARNs) of the resources that you want to share. This can be null if you want to add only principals.

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share that you want to add principals or resources to.

Result Syntax

[
    'clientToken' => '<string>',
    'resourceShareAssociations' => [
        [
            'associatedEntity' => '<string>',
            'associationType' => 'PRINCIPAL|RESOURCE',
            'creationTime' => <DateTime>,
            'external' => true || false,
            'lastUpdatedTime' => <DateTime>,
            'resourceShareArn' => '<string>',
            'resourceShareName' => '<string>',
            'status' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
            'statusMessage' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

clientToken

Type: string

resourceShareAssociations

Type: Array of ResourceShareAssociation structures

An array of objects that contain information about the associations.

Errors

IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
UnknownResourceException:
A specified resource was not found.
InvalidStateTransitionException:
The requested state transition is not valid.
ResourceShareLimitExceededException:
This request would exceed the limit for resource shares for your account.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidStateTransitionException:
The requested state transition is not valid.
InvalidClientTokenException:
The client token is not valid.
InvalidParameterException:
A parameter is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
UnknownResourceException:
A specified resource was not found.
ThrottlingException:
You exceeded the rate at which you are allowed to perform this operation. Please try again later.

AssociateResourceSharePermission

$result = $client->associateResourceSharePermission([/* ... */]);
$promise = $client->associateResourceSharePermissionAsync([/* ... */]);

Adds or replaces the RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new RAM permission only if there are currently no resources of that resource type currently in the resource share.

Parameter Syntax

$result = $client->associateResourceSharePermission([
    'clientToken' => '<string>',
    'permissionArn' => '<string>', // REQUIRED
    'permissionVersion' => <integer>,
    'replace' => true || false,
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

permissionArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.

permissionVersion

Type: int

Specifies the version of the RAM permission to associate with the resource share. If you don't specify this parameter, the operation uses the version designated as the default. You can use the ListPermissionVersions operation to discover the available versions of a permission.

replace

Type: boolean

Specifies whether the specified permission should replace or add to the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to the current permission. The default value is false.

A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share to which you want to add or replace permissions.

Result Syntax

[
    'clientToken' => '<string>',
    'returnValue' => true || false,
]

Result Details

Members

clientToken

Type: string

returnValue

Type: boolean

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
InvalidParameterException:
A parameter is not valid.
InvalidClientTokenException:
The client token is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
OperationNotPermittedException:
The requested operation is not permitted.

CreateResourceShare

$result = $client->createResourceShare([/* ... */]);
$promise = $client->createResourceShareAsync([/* ... */]);

Creates a resource share. You can provide a list of the Amazon Resource Names (ARNs) for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals.

Sharing a resource makes it available for use by principals outside of the Amazon Web Services account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.

Parameter Syntax

$result = $client->createResourceShare([
    'allowExternalPrincipals' => true || false,
    'clientToken' => '<string>',
    'name' => '<string>', // REQUIRED
    'permissionArns' => ['<string>', ...],
    'principals' => ['<string>', ...],
    'resourceArns' => ['<string>', ...],
    'tags' => [
        [
            'key' => '<string>',
            'value' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members

allowExternalPrincipals

Type: boolean

Specifies whether principals outside your organization in Organizations can be associated with a resource share. A value of true lets you share with individual Amazon Web Services accounts that are not in your organization. A value of false only has meaning if your account is a member of an Amazon Web Services Organization. The default value is true.

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

name

Required: Yes
Type: string

Specifies the name of the resource share.

permissionArns

Type: Array of strings

Specifies the Amazon Resource Names (ARNs) of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.

principals

Type: Array of strings

Specifies a list of one or more principals to associate with the resource share.

You can include the following values:

An Amazon Web Services account ID, for example: 123456789012
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
An ARN of an IAM role, for example: iam::123456789012:role/rolename
An ARN of an IAM user, for example: iam::123456789012user/username

Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.

resourceArns

Type: Array of strings

Specifies a list of one or more ARNs of the resources to associate with the resource share.

tags

Type: Array of Tag structures

Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.

Result Syntax

[
    'clientToken' => '<string>',
    'resourceShare' => [
        'allowExternalPrincipals' => true || false,
        'creationTime' => <DateTime>,
        'featureSet' => 'CREATED_FROM_POLICY|PROMOTING_TO_STANDARD|STANDARD',
        'lastUpdatedTime' => <DateTime>,
        'name' => '<string>',
        'owningAccountId' => '<string>',
        'resourceShareArn' => '<string>',
        'status' => 'PENDING|ACTIVE|FAILED|DELETING|DELETED',
        'statusMessage' => '<string>',
        'tags' => [
            [
                'key' => '<string>',
                'value' => '<string>',
            ],
            // ...
        ],
    ],
]

Result Details

Members

clientToken

Type: string

resourceShare

Type: ResourceShare structure

An object with information about the new resource share.

Errors

IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
InvalidStateTransitionException:
The requested state transition is not valid.
UnknownResourceException:
A specified resource was not found.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidClientTokenException:
The client token is not valid.
InvalidParameterException:
A parameter is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ResourceShareLimitExceededException:
This request would exceed the limit for resource shares for your account.
TagPolicyViolationException:
The specified tag key is a reserved word and can't be used.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

DeleteResourceShare

$result = $client->deleteResourceShare([/* ... */]);
$promise = $client->deleteResourceShareAsync([/* ... */]);

Deletes the specified resource share. This doesn't delete any of the resources that were associated with the resource share; it only stops the sharing of those resources outside of the Amazon Web Services account that created them.

Parameter Syntax

$result = $client->deleteResourceShare([
    'clientToken' => '<string>',
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share to delete.

Result Syntax

[
    'clientToken' => '<string>',
    'returnValue' => true || false,
]

Result Details

Members

clientToken

Type: string

returnValue

Type: boolean

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Errors

OperationNotPermittedException:
The requested operation is not permitted.
IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
InvalidStateTransitionException:
The requested state transition is not valid.
UnknownResourceException:
A specified resource was not found.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidClientTokenException:
The client token is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

DisassociateResourceShare

$result = $client->disassociateResourceShare([/* ... */]);
$promise = $client->disassociateResourceShareAsync([/* ... */]);

Disassociates the specified principals or resources from the specified resource share.

Parameter Syntax

$result = $client->disassociateResourceShare([
    'clientToken' => '<string>',
    'principals' => ['<string>', ...],
    'resourceArns' => ['<string>', ...],
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

principals

Type: Array of strings

Specifies a list of one or more principals that no longer are to have access to the resources in this resource share.

You can include the following values:

An Amazon Web Services account ID, for example: 123456789012
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
An ARN of an IAM role, for example: iam::123456789012:role/rolename
An ARN of an IAM user, for example: iam::123456789012user/username

Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.

resourceArns

Type: Array of strings

Specifies a list of Amazon Resource Names (ARNs) for one or more resources that you want to remove from the resource share. After the operation runs, these resources are no longer shared with principals outside of the Amazon Web Services account that created the resources.

resourceShareArn

Required: Yes
Type: string

Specifies Amazon Resoure Name (ARN) of the resource share that you want to remove resources from.

Result Syntax

[
    'clientToken' => '<string>',
    'resourceShareAssociations' => [
        [
            'associatedEntity' => '<string>',
            'associationType' => 'PRINCIPAL|RESOURCE',
            'creationTime' => <DateTime>,
            'external' => true || false,
            'lastUpdatedTime' => <DateTime>,
            'resourceShareArn' => '<string>',
            'resourceShareName' => '<string>',
            'status' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
            'statusMessage' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

clientToken

Type: string

resourceShareAssociations

Type: Array of ResourceShareAssociation structures

An array of objects that contain information about the updated associations for this resource share.

Errors

IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
ResourceShareLimitExceededException:
This request would exceed the limit for resource shares for your account.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidStateTransitionException:
The requested state transition is not valid.
InvalidClientTokenException:
The client token is not valid.
InvalidParameterException:
A parameter is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
UnknownResourceException:
A specified resource was not found.

DisassociateResourceSharePermission

$result = $client->disassociateResourceSharePermission([/* ... */]);
$promise = $client->disassociateResourceSharePermissionAsync([/* ... */]);

Disassociates an RAM permission from a resource share. Permission changes take effect immediately. You can remove a RAM permission from a resource share only if there are currently no resources of the relevant resource type currently attached to the resource share.

Parameter Syntax

$result = $client->disassociateResourceSharePermission([
    'clientToken' => '<string>',
    'permissionArn' => '<string>', // REQUIRED
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

permissionArn

Required: Yes
Type: string

The Amazon Resoure Name (ARN) of the permission to disassociate from the resource share. Changes to permissions take effect immediately.

resourceShareArn

Required: Yes
Type: string

The Amazon Resoure Name (ARN) of the resource share from which you want to disassociate a permission.

Result Syntax

[
    'clientToken' => '<string>',
    'returnValue' => true || false,
]

Result Details

Members

clientToken

Type: string

returnValue

Type: boolean

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
InvalidParameterException:
A parameter is not valid.
InvalidClientTokenException:
The client token is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
OperationNotPermittedException:
The requested operation is not permitted.
InvalidStateTransitionException:
The requested state transition is not valid.

EnableSharingWithAwsOrganization

$result = $client->enableSharingWithAwsOrganization([/* ... */]);
$promise = $client->enableSharingWithAwsOrganizationAsync([/* ... */]);

Enables resource sharing within your organization in Organizations. Calling this operation enables RAM to retrieve information about the organization and its structure. This lets you share resources with all of the accounts in an organization by specifying the organization's ID, or all of the accounts in an organizational unit (OU) by specifying the OU's ID. Until you enable sharing within the organization, you can specify only individual Amazon Web Services accounts, or for supported resource types, IAM users and roles.

You must call this operation from an IAM user or role in the organization's management account.

Parameter Syntax

$result = $client->enableSharingWithAwsOrganization([
]);

Parameter Details

Members

Result Syntax

[
    'returnValue' => true || false,
]

Result Details

Members

returnValue

Type: boolean

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Errors

OperationNotPermittedException:
The requested operation is not permitted.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

GetPermission

$result = $client->getPermission([/* ... */]);
$promise = $client->getPermissionAsync([/* ... */]);

Gets the contents of an RAM permission in JSON format.

Parameter Syntax

$result = $client->getPermission([
    'permissionArn' => '<string>', // REQUIRED
    'permissionVersion' => <integer>,
]);

Parameter Details

Members

permissionArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the permission whose contents you want to retrieve. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.

permissionVersion

Type: int

Specifies identifier for the version of the RAM permission to retrieve. If you don't specify this parameter, the operation retrieves the default version.

Result Syntax

[
    'permission' => [
        'arn' => '<string>',
        'creationTime' => <DateTime>,
        'defaultVersion' => true || false,
        'isResourceTypeDefault' => true || false,
        'lastUpdatedTime' => <DateTime>,
        'name' => '<string>',
        'permission' => '<string>',
        'resourceType' => '<string>',
        'version' => '<string>',
    ],
]

Result Details

Members

permission

Type: ResourceSharePermissionDetail structure

An object that contains information about the permission.

Errors

InvalidParameterException:
A parameter is not valid.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
OperationNotPermittedException:
The requested operation is not permitted.

GetResourcePolicies

$result = $client->getResourcePolicies([/* ... */]);
$promise = $client->getResourcePoliciesAsync([/* ... */]);

Retrieves the resource policies for the specified resources that you own and have shared.

Parameter Syntax

$result = $client->getResourcePolicies([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'principal' => '<string>',
    'resourceArns' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

maxResults

Type: int

Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the NextToken response element is returned with a value (not null). Include the specified value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

nextToken

Type: string

Specifies that you want to receive the next page of results. Valid only if you received a NextToken response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's NextToken response to request the next page of results.

principal

Type: string

Specifies the principal.

resourceArns

Required: Yes
Type: Array of strings

Specifies the Amazon Resource Names (ARNs) of the resources whose policies you want to retrieve.

Result Syntax

[
    'nextToken' => '<string>',
    'policies' => ['<string>', ...],
]

Result Details

Members

nextToken

Type: string

If present, this value indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null. This indicates that this is the last page of results.

policies

Type: Array of strings

An array of resource policy documents in JSON format.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ResourceArnNotFoundException:
The specified Amazon Resource Name (ARN) was not found.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

GetResourceShareAssociations

$result = $client->getResourceShareAssociations([/* ... */]);
$promise = $client->getResourceShareAssociationsAsync([/* ... */]);

Retrieves the resource and principal associations for resource shares that you own.

Parameter Syntax

$result = $client->getResourceShareAssociations([
    'associationStatus' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
    'associationType' => 'PRINCIPAL|RESOURCE', // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'principal' => '<string>',
    'resourceArn' => '<string>',
    'resourceShareArns' => ['<string>', ...],
]);

Parameter Details

Members

associationStatus

Type: string

Specifies that you want to retrieve only associations with this status.

associationType

Required: Yes
Type: string

Specifies whether you want to retrieve the associations that involve a specified resource or principal.

PRINCIPAL – list the principals that are associated with the specified resource share.
RESOURCE – list the resources that are associated with the specified resource share.

maxResults

Type: int

nextToken

Type: string

principal

Type: string

Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the Amazon Resoure Name (ARN) of an individual IAM user or role.

You cannot specify this parameter if the association type is RESOURCE.

resourceArn

Type: string

Specifies the Amazon Resoure Name (ARN) of the resource whose resource shares you want to retrieve.

You cannot specify this parameter if the association type is PRINCIPAL.

resourceShareArns

Type: Array of strings

Specifies a list of Amazon Resource Names (ARNs) of the resource share whose associations you want to retrieve.

Result Syntax

[
    'nextToken' => '<string>',
    'resourceShareAssociations' => [
        [
            'associatedEntity' => '<string>',
            'associationType' => 'PRINCIPAL|RESOURCE',
            'creationTime' => <DateTime>,
            'external' => true || false,
            'lastUpdatedTime' => <DateTime>,
            'resourceShareArn' => '<string>',
            'resourceShareName' => '<string>',
            'status' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
            'statusMessage' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

resourceShareAssociations

Type: Array of ResourceShareAssociation structures

An array of objects that contain the details about the associations.

Errors

UnknownResourceException:
A specified resource was not found.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

GetResourceShareInvitations

$result = $client->getResourceShareInvitations([/* ... */]);
$promise = $client->getResourceShareInvitationsAsync([/* ... */]);

Retrieves details about invitations that you have received for resource shares.

Parameter Syntax

$result = $client->getResourceShareInvitations([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceShareArns' => ['<string>', ...],
    'resourceShareInvitationArns' => ['<string>', ...],
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

resourceShareArns

Type: Array of strings

Specifies that you want details about invitations only for the resource shares described by this list of Amazon Resource Names (ARNs)

resourceShareInvitationArns

Type: Array of strings

Specifies the Amazon Resource Names (ARNs) of the resource share invitations you want information about.

Result Syntax

[
    'nextToken' => '<string>',
    'resourceShareInvitations' => [
        [
            'invitationTimestamp' => <DateTime>,
            'receiverAccountId' => '<string>',
            'receiverArn' => '<string>',
            'resourceShareArn' => '<string>',
            'resourceShareAssociations' => [
                [
                    'associatedEntity' => '<string>',
                    'associationType' => 'PRINCIPAL|RESOURCE',
                    'creationTime' => <DateTime>,
                    'external' => true || false,
                    'lastUpdatedTime' => <DateTime>,
                    'resourceShareArn' => '<string>',
                    'resourceShareName' => '<string>',
                    'status' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
                    'statusMessage' => '<string>',
                ],
                // ...
            ],
            'resourceShareInvitationArn' => '<string>',
            'resourceShareName' => '<string>',
            'senderAccountId' => '<string>',
            'status' => 'PENDING|ACCEPTED|REJECTED|EXPIRED',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

resourceShareInvitations

Type: Array of ResourceShareInvitation structures

An array of objects that contain the details about the invitations.

Errors

ResourceShareInvitationArnNotFoundException:
The specified Amazon Resource Name (ARN) for an invitation was not found.
InvalidMaxResultsException:
The specified value for MaxResults is not valid.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

GetResourceShares

$result = $client->getResourceShares([/* ... */]);
$promise = $client->getResourceSharesAsync([/* ... */]);

Retrieves details about the resource shares that you own or that are shared with you.

Parameter Syntax

$result = $client->getResourceShares([
    'maxResults' => <integer>,
    'name' => '<string>',
    'nextToken' => '<string>',
    'permissionArn' => '<string>',
    'resourceOwner' => 'SELF|OTHER-ACCOUNTS', // REQUIRED
    'resourceShareArns' => ['<string>', ...],
    'resourceShareStatus' => 'PENDING|ACTIVE|FAILED|DELETING|DELETED',
    'tagFilters' => [
        [
            'tagKey' => '<string>',
            'tagValues' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members

maxResults

Type: int

name

Type: string

Specifies the name of an individual resource share that you want to retrieve details about.

nextToken

Type: string

permissionArn

Type: string

Specifies that you want to retrieve details of only those resource shares that use the RAM permission with this Amazon Resoure Name (ARN).

resourceOwner

Required: Yes
Type: string

Specifies that you want to retrieve details of only those resource shares that match the following:

SELF – resource shares that your account shares with other accounts
OTHER-ACCOUNTS – resource shares that other accounts share with your account

resourceShareArns

Type: Array of strings

Specifies the Amazon Resource Names (ARNs) of individual resource shares that you want information about.

resourceShareStatus

Type: string

Specifies that you want to retrieve details of only those resource shares that have this status.

tagFilters

Type: Array of TagFilter structures

Specifies that you want to retrieve details of only those resource shares that match the specified tag keys and values.

Result Syntax

[
    'nextToken' => '<string>',
    'resourceShares' => [
        [
            'allowExternalPrincipals' => true || false,
            'creationTime' => <DateTime>,
            'featureSet' => 'CREATED_FROM_POLICY|PROMOTING_TO_STANDARD|STANDARD',
            'lastUpdatedTime' => <DateTime>,
            'name' => '<string>',
            'owningAccountId' => '<string>',
            'resourceShareArn' => '<string>',
            'status' => 'PENDING|ACTIVE|FAILED|DELETING|DELETED',
            'statusMessage' => '<string>',
            'tags' => [
                [
                    'key' => '<string>',
                    'value' => '<string>',
                ],
                // ...
            ],
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

resourceShares

Type: Array of ResourceShare structures

An array of objects that contain the information about the resource shares.

Errors

UnknownResourceException:
A specified resource was not found.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

ListPendingInvitationResources

$result = $client->listPendingInvitationResources([/* ... */]);
$promise = $client->listPendingInvitationResourcesAsync([/* ... */]);

Lists the resources in a resource share that is shared with you but for which the invitation is still PENDING. That means that you haven't accepted or rejected the invitation and the invitation hasn't expired.

Parameter Syntax

$result = $client->listPendingInvitationResources([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceRegionScope' => 'ALL|REGIONAL|GLOBAL',
    'resourceShareInvitationArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

resourceRegionScope

Type: string

Specifies that you want the results to include only resources that have the specified scope.

ALL – the results include both global and regional resources or resource types.
GLOBAL – the results include only global resources or resource types.
REGIONAL – the results include only regional resources or resource types.

The default value is ALL.

resourceShareInvitationArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the invitation. You can use GetResourceShareInvitations to find the ARN of the invitation.

Result Syntax

[
    'nextToken' => '<string>',
    'resources' => [
        [
            'arn' => '<string>',
            'creationTime' => <DateTime>,
            'lastUpdatedTime' => <DateTime>,
            'resourceGroupArn' => '<string>',
            'resourceRegionScope' => 'REGIONAL|GLOBAL',
            'resourceShareArn' => '<string>',
            'status' => 'AVAILABLE|ZONAL_RESOURCE_INACCESSIBLE|LIMIT_EXCEEDED|UNAVAILABLE|PENDING',
            'statusMessage' => '<string>',
            'type' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

resources

Type: Array of Resource structures

An array of objects that contain the information about the resources included the specified resource share.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
ResourceShareInvitationArnNotFoundException:
The specified Amazon Resource Name (ARN) for an invitation was not found.
MissingRequiredParameterException:
A required input parameter is missing.
ResourceShareInvitationAlreadyRejectedException:
The specified invitation was already rejected.
ResourceShareInvitationExpiredException:
The specified invitation is expired.

ListPermissionVersions

$result = $client->listPermissionVersions([/* ... */]);
$promise = $client->listPermissionVersionsAsync([/* ... */]);

Lists the available versions of the specified RAM permission.

Parameter Syntax

$result = $client->listPermissionVersions([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'permissionArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

permissionArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the RAM permission whose versions you want to list. You can use the permissionVersion parameter on the AssociateResourceSharePermission operation to specify a non-default version to attach.

Result Syntax

[
    'nextToken' => '<string>',
    'permissions' => [
        [
            'arn' => '<string>',
            'creationTime' => <DateTime>,
            'defaultVersion' => true || false,
            'isResourceTypeDefault' => true || false,
            'lastUpdatedTime' => <DateTime>,
            'name' => '<string>',
            'resourceType' => '<string>',
            'status' => '<string>',
            'version' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

permissions

Type: Array of ResourceSharePermissionSummary structures

An array of objects that contain details for each of the available versions.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
InvalidNextTokenException:
The specified value for NextToken is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
OperationNotPermittedException:
The requested operation is not permitted.
InvalidParameterException:
A parameter is not valid.

ListPermissions

$result = $client->listPermissions([/* ... */]);
$promise = $client->listPermissionsAsync([/* ... */]);

Retrieves a list of available RAM permissions that you can use for the supported resource types.

Parameter Syntax

$result = $client->listPermissions([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceType' => '<string>',
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

resourceType

Type: string

Specifies that you want to list permissions for only the specified resource type. For example, to list only permissions that apply to EC2 subnets, specify ec2:Subnet. You can use the ListResourceTypes operation to get the specific string required.

Result Syntax

[
    'nextToken' => '<string>',
    'permissions' => [
        [
            'arn' => '<string>',
            'creationTime' => <DateTime>,
            'defaultVersion' => true || false,
            'isResourceTypeDefault' => true || false,
            'lastUpdatedTime' => <DateTime>,
            'name' => '<string>',
            'resourceType' => '<string>',
            'status' => '<string>',
            'version' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

permissions

Type: Array of ResourceSharePermissionSummary structures

An array of objects with information about the permissions.

Errors

InvalidParameterException:
A parameter is not valid.
InvalidNextTokenException:
The specified value for NextToken is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
OperationNotPermittedException:
The requested operation is not permitted.

ListPrincipals

$result = $client->listPrincipals([/* ... */]);
$promise = $client->listPrincipalsAsync([/* ... */]);

Lists the principals that you are sharing resources with or that are sharing resources with you.

Parameter Syntax

$result = $client->listPrincipals([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'principals' => ['<string>', ...],
    'resourceArn' => '<string>',
    'resourceOwner' => 'SELF|OTHER-ACCOUNTS', // REQUIRED
    'resourceShareArns' => ['<string>', ...],
    'resourceType' => '<string>',
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

principals

Type: Array of strings

Specifies that you want to list information for only the listed principals.

You can include the following values:

An Amazon Web Services account ID, for example: 123456789012
An Amazon Resoure Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
An ARN of an IAM role, for example: iam::123456789012:role/rolename
An ARN of an IAM user, for example: iam::123456789012user/username

Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide.

resourceArn

Type: string

Specifies that you want to list principal information for the resource share with the specified Amazon Resoure Name (ARN).

resourceOwner

Required: Yes
Type: string

Specifies that you want to list information for only resource shares that match the following:

SELF – principals that your account is sharing resources with
OTHER-ACCOUNTS – principals that are sharing resources with your account

resourceShareArns

Type: Array of strings

Specifies that you want to list information for only principals associated with the resource shares specified by a list the Amazon Resource Names (ARNs).

resourceType

Type: string

Specifies that you want to list information for only principals associated with resource shares that include the specified resource type.

For a list of valid values, query the ListResourceTypes operation.

Result Syntax

[
    'nextToken' => '<string>',
    'principals' => [
        [
            'creationTime' => <DateTime>,
            'external' => true || false,
            'id' => '<string>',
            'lastUpdatedTime' => <DateTime>,
            'resourceShareArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

principals

Type: Array of Principal structures

An array of objects that contain the details about the principals.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

ListResourceSharePermissions

$result = $client->listResourceSharePermissions([/* ... */]);
$promise = $client->listResourceSharePermissionsAsync([/* ... */]);

Lists the RAM permissions that are associated with a resource share.

Parameter Syntax

$result = $client->listResourceSharePermissions([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share for which you want to retrieve the associated permissions.

Result Syntax

[
    'nextToken' => '<string>',
    'permissions' => [
        [
            'arn' => '<string>',
            'creationTime' => <DateTime>,
            'defaultVersion' => true || false,
            'isResourceTypeDefault' => true || false,
            'lastUpdatedTime' => <DateTime>,
            'name' => '<string>',
            'resourceType' => '<string>',
            'status' => '<string>',
            'version' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

permissions

Type: Array of ResourceSharePermissionSummary structures

An array of objects that describe the permissions associated with the resource share.

Errors

InvalidParameterException:
A parameter is not valid.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
InvalidNextTokenException:
The specified value for NextToken is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
OperationNotPermittedException:
The requested operation is not permitted.

ListResourceTypes

$result = $client->listResourceTypes([/* ... */]);
$promise = $client->listResourceTypesAsync([/* ... */]);

Lists the resource types that can be shared by RAM.

Parameter Syntax

$result = $client->listResourceTypes([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'resourceRegionScope' => 'ALL|REGIONAL|GLOBAL',
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

resourceRegionScope

Type: string

Specifies that you want the results to include only resources that have the specified scope.

ALL – the results include both global and regional resources or resource types.
GLOBAL – the results include only global resources or resource types.
REGIONAL – the results include only regional resources or resource types.

The default value is ALL.

Result Syntax

[
    'nextToken' => '<string>',
    'resourceTypes' => [
        [
            'resourceRegionScope' => 'REGIONAL|GLOBAL',
            'resourceType' => '<string>',
            'serviceName' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

resourceTypes

Type: Array of ServiceNameAndResourceType structures

An array of objects that contain information about the resource types that can be shared using RAM.

Errors

InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

ListResources

$result = $client->listResources([/* ... */]);
$promise = $client->listResourcesAsync([/* ... */]);

Lists the resources that you added to a resource share or the resources that are shared with you.

Parameter Syntax

$result = $client->listResources([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'principal' => '<string>',
    'resourceArns' => ['<string>', ...],
    'resourceOwner' => 'SELF|OTHER-ACCOUNTS', // REQUIRED
    'resourceRegionScope' => 'ALL|REGIONAL|GLOBAL',
    'resourceShareArns' => ['<string>', ...],
    'resourceType' => '<string>',
]);

Parameter Details

Members

maxResults

Type: int

nextToken

Type: string

principal

Type: string

Specifies that you want to list only the resource shares that are associated with the specified principal.

resourceArns

Type: Array of strings

Specifies that you want to list only the resource shares that include resources with the specified Amazon Resource Names (ARNs).

resourceOwner

Required: Yes
Type: string

Specifies that you want to list only the resource shares that match the following:

SELF – resources that your account shares with other accounts
OTHER-ACCOUNTS – resources that other accounts share with your account

resourceRegionScope

Type: string

Specifies that you want the results to include only resources that have the specified scope.

ALL – the results include both global and regional resources or resource types.
GLOBAL – the results include only global resources or resource types.
REGIONAL – the results include only regional resources or resource types.

The default value is ALL.

resourceShareArns

Type: Array of strings

Specifies that you want to list only resources in the resource shares identified by the specified Amazon Resource Names (ARNs).

resourceType

Type: string

Specifies that you want to list only the resource shares that include resources of the specified resource type.

For valid values, query the ListResourceTypes operation.

Result Syntax

[
    'nextToken' => '<string>',
    'resources' => [
        [
            'arn' => '<string>',
            'creationTime' => <DateTime>,
            'lastUpdatedTime' => <DateTime>,
            'resourceGroupArn' => '<string>',
            'resourceRegionScope' => 'REGIONAL|GLOBAL',
            'resourceShareArn' => '<string>',
            'status' => 'AVAILABLE|ZONAL_RESOURCE_INACCESSIBLE|LIMIT_EXCEEDED|UNAVAILABLE|PENDING',
            'statusMessage' => '<string>',
            'type' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members

nextToken

Type: string

resources

Type: Array of Resource structures

An array of objects that contain information about the resources.

Errors

InvalidResourceTypeException:
The specified resource type is not valid.
UnknownResourceException:
A specified resource was not found.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidNextTokenException:
The specified value for NextToken is not valid.
InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

PromoteResourceShareCreatedFromPolicy

$result = $client->promoteResourceShareCreatedFromPolicy([/* ... */]);
$promise = $client->promoteResourceShareCreatedFromPolicyAsync([/* ... */]);

When you attach a resource-based permission policy to a resource, it automatically creates a resource share. However, resource shares created this way are visible only to the resource share owner, and the resource share can't be modified in RAM.

You can use this operation to promote the resource share to a full RAM resource share. When you promote a resource share, you can then manage the resource share in RAM and it becomes visible to all of the principals you shared it with.

Parameter Syntax

$result = $client->promoteResourceShareCreatedFromPolicy([
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share to promote.

Result Syntax

[
    'returnValue' => true || false,
]

Result Details

Members

returnValue

Type: boolean

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
ResourceShareLimitExceededException:
This request would exceed the limit for resource shares for your account.
OperationNotPermittedException:
The requested operation is not permitted.
InvalidParameterException:
A parameter is not valid.
MissingRequiredParameterException:
A required input parameter is missing.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
UnknownResourceException:
A specified resource was not found.

RejectResourceShareInvitation

$result = $client->rejectResourceShareInvitation([/* ... */]);
$promise = $client->rejectResourceShareInvitationAsync([/* ... */]);

Rejects an invitation to a resource share from another Amazon Web Services account.

Parameter Syntax

$result = $client->rejectResourceShareInvitation([
    'clientToken' => '<string>',
    'resourceShareInvitationArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

resourceShareInvitationArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the invitation that you want to reject.

Result Syntax

[
    'clientToken' => '<string>',
    'resourceShareInvitation' => [
        'invitationTimestamp' => <DateTime>,
        'receiverAccountId' => '<string>',
        'receiverArn' => '<string>',
        'resourceShareArn' => '<string>',
        'resourceShareAssociations' => [
            [
                'associatedEntity' => '<string>',
                'associationType' => 'PRINCIPAL|RESOURCE',
                'creationTime' => <DateTime>,
                'external' => true || false,
                'lastUpdatedTime' => <DateTime>,
                'resourceShareArn' => '<string>',
                'resourceShareName' => '<string>',
                'status' => 'ASSOCIATING|ASSOCIATED|FAILED|DISASSOCIATING|DISASSOCIATED',
                'statusMessage' => '<string>',
            ],
            // ...
        ],
        'resourceShareInvitationArn' => '<string>',
        'resourceShareName' => '<string>',
        'senderAccountId' => '<string>',
        'status' => 'PENDING|ACCEPTED|REJECTED|EXPIRED',
    ],
]

Result Details

Members

clientToken

Type: string

resourceShareInvitation

Type: ResourceShareInvitation structure

An object that contains the details about the rejected invitation.

Errors

MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ResourceShareInvitationArnNotFoundException:
The specified Amazon Resource Name (ARN) for an invitation was not found.
ResourceShareInvitationAlreadyAcceptedException:
The specified invitation was already accepted.
ResourceShareInvitationAlreadyRejectedException:
The specified invitation was already rejected.
ResourceShareInvitationExpiredException:
The specified invitation is expired.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.
InvalidClientTokenException:
The client token is not valid.
IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Adds the specified tag keys and values to the specified resource share. The tags are attached only to the resource share, not to the resources that are in the resource share.

Parameter Syntax

$result = $client->tagResource([
    'resourceShareArn' => '<string>', // REQUIRED
    'tags' => [ // REQUIRED
        [
            'key' => '<string>',
            'value' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share that you want to add tags to.

tags

Required: Yes
Type: Array of Tag structures

A list of one or more tag key and value pairs. The tag key must be present and not be an empty string. The tag value must be present but can be an empty string.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:
A parameter is not valid.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
UnknownResourceException:
A specified resource was not found.
TagLimitExceededException:
This request would exceed the limit for tags for your account.
ResourceArnNotFoundException:
The specified Amazon Resource Name (ARN) was not found.
TagPolicyViolationException:
The specified tag key is a reserved word and can't be used.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Removes the specified tag key and value pairs from the specified resource share.

Parameter Syntax

$result = $client->untagResource([
    'resourceShareArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share that you want to remove tags from. The tags are removed from the resource share, not the resources in the resource share.

tagKeys

Required: Yes
Type: Array of strings

Specifies a list of one or more tag keys that you want to remove.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidParameterException:
A parameter is not valid.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

UpdateResourceShare

$result = $client->updateResourceShare([/* ... */]);
$promise = $client->updateResourceShareAsync([/* ... */]);

Modifies some of the properties of the specified resource share.

Parameter Syntax

$result = $client->updateResourceShare([
    'allowExternalPrincipals' => true || false,
    'clientToken' => '<string>',
    'name' => '<string>',
    'resourceShareArn' => '<string>', // REQUIRED
]);

Parameter Details

Members

allowExternalPrincipals

Type: boolean

Specifies whether principals outside your organization in Organizations can be associated with a resource share.

clientToken

Type: string

If you don't provide this value, then Amazon Web Services generates a random one for you.

name

Type: string

If specified, the new name that you want to attach to the resource share.

resourceShareArn

Required: Yes
Type: string

Specifies the Amazon Resoure Name (ARN) of the resource share that you want to modify.

Result Syntax

[
    'clientToken' => '<string>',
    'resourceShare' => [
        'allowExternalPrincipals' => true || false,
        'creationTime' => <DateTime>,
        'featureSet' => 'CREATED_FROM_POLICY|PROMOTING_TO_STANDARD|STANDARD',
        'lastUpdatedTime' => <DateTime>,
        'name' => '<string>',
        'owningAccountId' => '<string>',
        'resourceShareArn' => '<string>',
        'status' => 'PENDING|ACTIVE|FAILED|DELETING|DELETED',
        'statusMessage' => '<string>',
        'tags' => [
            [
                'key' => '<string>',
                'value' => '<string>',
            ],
            // ...
        ],
    ],
]

Result Details

Members

clientToken

Type: string

resourceShare

Type: ResourceShare structure

Information about the resource share.

Errors

IdempotentParameterMismatchException:
The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.
MissingRequiredParameterException:
A required input parameter is missing.
UnknownResourceException:
A specified resource was not found.
MalformedArnException:
The format of an Amazon Resource Name (ARN) is not valid.
InvalidClientTokenException:
The client token is not valid.
InvalidParameterException:
A parameter is not valid.
OperationNotPermittedException:
The requested operation is not permitted.
ServerInternalException:
The service could not respond to the request due to an internal problem.
ServiceUnavailableException:
The service is not available.

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the principal was associated with the resource share.

external

Type: boolean

Indicates whether the principal belongs to the same organization in Organizations as the Amazon Web Services account that owns the resource share.

id

Type: string

The ID of the principal.

lastUpdatedTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the association was last updated.

resourceShareArn

Type: string

The Amazon Resoure Name (ARN) of a resource share the principal is associated with.

Resource

Description

Describes a resource associated with a resource share in RAM.

Members

arn

Type: string

The Amazon Resoure Name (ARN) of the resource.

creationTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the resource was associated with the resource share.

lastUpdatedTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date an time when the association was last updated.

resourceGroupArn

Type: string

The Amazon Resoure Name (ARN) of the resource group. This value is available only if the resource is part of a resource group.

resourceRegionScope

Type: string

Specifies the scope of visibility of this resource:

REGIONAL – The resource can be accessed only by using requests that target the Amazon Web Services Region in which the resource exists.
GLOBAL – The resource can be accessed from any Amazon Web Services Region.

resourceShareArn

Type: string

The Amazon Resoure Name (ARN) of the resource share this resource is associated with.

status

Type: string

The current status of the resource.

statusMessage

Type: string

A message about the status of the resource.

type

Type: string

The resource type. This takes the form of: service-code:resource-code

ResourceArnNotFoundException

Description

The specified Amazon Resource Name (ARN) was not found.

Members

message

Required: Yes
Type: string

ResourceShare

Description

Describes a resource share in RAM.

Members

allowExternalPrincipals

Type: boolean

Indicates whether principals outside your organization in Organizations can be associated with a resource share.

creationTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the resource share was created.

featureSet

Type: string

Indicates how the resource share was created. Possible values include:

CREATED_FROM_POLICY - Indicates that the resource share was created from an Identity and Access Management (IAM) resource-based permission policy attached to the resource. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.
PROMOTING_TO_STANDARD - The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.
STANDARD - Indicates that the resource share was created in RAM using the console or APIs. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs.

lastUpdatedTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the resource share was last updated.

name

Type: string

The name of the resource share.

owningAccountId

Type: string

The ID of the Amazon Web Services account that owns the resource share.

resourceShareArn

Type: string

The Amazon Resoure Name (ARN) of the resource share

status

Type: string

The current status of the resource share.

statusMessage

Type: string

A message about the status of the resource share.

tags

Type: Array of Tag structures

The tag key and value pairs attached to the resource share.

ResourceShareAssociation

Description

Describes an association with a resource share and either a principal or a resource.

Members

associatedEntity

Type: string

The associated entity. This can be either of the following:

For a resource association, this is the Amazon Resoure Name (ARN) of the resource.
For principal associations, this is one of the following:
- The ID of an Amazon Web Services account
- The Amazon Resoure Name (ARN) of an organization in Organizations
- The ARN of an organizational unit (OU) in Organizations
- The ARN of an IAM role
- The ARN of an IAM user

associationType

Type: string

The type of entity included in this association.

creationTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the association was created.

external

Type: boolean

Indicates whether the principal belongs to the same organization in Organizations as the Amazon Web Services account that owns the resource share.

lastUpdatedTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the association was last updated.

resourceShareArn

Type: string

The Amazon Resoure Name (ARN) of the resource share.

resourceShareName

Type: string

The name of the resource share.

status

Type: string

The current status of the association.

statusMessage

Type: string

A message about the status of the association.

ResourceShareInvitation

Description

Describes an invitation for an Amazon Web Services account to join a resource share.

Members

invitationTimestamp

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the invitation was sent.

receiverAccountId

Type: string

The ID of the Amazon Web Services account that received the invitation.

receiverArn

Type: string

The Amazon Resoure Name (ARN) of the IAM user or role that received the invitation.

resourceShareArn

Type: string

The Amazon Resoure Name (ARN) of the resource share

resourceShareAssociations

Type: Array of ResourceShareAssociation structures

To view the resources associated with a pending resource share invitation, use ListPendingInvitationResources.

resourceShareInvitationArn

Type: string

The Amazon Resoure Name (ARN) of the invitation.

resourceShareName

Type: string

The name of the resource share.

senderAccountId

Type: string

The ID of the Amazon Web Services account that sent the invitation.

status

Type: string

Type: string

The Amazon Resoure Name (ARN) of this RAM permission.

creationTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the permission was created.

defaultVersion

Type: boolean

Specifies whether the version of the permission represented in this structure is the default version for this permission.

isResourceTypeDefault

Type: boolean

Specifies whether the version of the permission represented in this structure is the default version for all resources of this resource type.

lastUpdatedTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the permission was last updated.

name

Type: string

The name of this permission.

permission

Type: string

The permission's effect and actions in JSON format. The effect indicates whether the specified actions are allowed or denied. The actions list the operations to which the principal is granted or denied access.

resourceType

Type: string

The resource type to which this permission applies.

version

Type: string

The version of the permission represented in this structure.

ResourceSharePermissionSummary

Description

Information about an RAM permission that is associated with a resource share and any of its resources of a specified type.

Members

arn

Type: string

The Amazon Resoure Name (ARN) of the permission you want information about.

creationTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the permission was created.

defaultVersion

Type: boolean

Specifies whether the version of the permission represented in this structure is the default version for this permission.

isResourceTypeDefault

Type: boolean

Specifies whether the version of the permission represented in this structure is the default version for all resources of this resource type.

lastUpdatedTime

Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the permission was last updated.

name

Type: string

The name of this permission.

resourceType

Type: string

The type of resource to which this permission applies.

status

Type: string

The current status of the permission.

version

Type: string

The version of the permission represented in this structure.

ServerInternalException

Description

The service could not respond to the request due to an internal problem.

Members

message

Required: Yes
Type: string

ServiceNameAndResourceType

Description

Information about a shareable resource type and the Amazon Web Services service to which resources of that type belong.

Members

resourceRegionScope

Type: string

Specifies the scope of visibility of resources of this type:

REGIONAL – The resource can be accessed only by using requests that target the Amazon Web Services Region in which the resource exists.
GLOBAL – The resource can be accessed from any Amazon Web Services Region.

resourceType

Type: string

The type of the resource.

serviceName

Type: string

The name of the Amazon Web Services service to which resources of this type belong.

ServiceUnavailableException

Description

The service is not available.

Members

message

Required: Yes
Type: string

Tag

Description

A structure containing a tag. A tag is metadata that you can attach to your resources to help organize and categorize them. You can also use them to help you secure your resources. For more information, see Controlling access to Amazon Web Services resources using tags.

For more information about tags, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference Guide.

Members

key

Type: string

The key, or name, attached to the tag. Every tag must have a key. Key names are case sensitive.

value

Type: string

The string value attached to the tag. The value can be an empty string. Key values are case sensitive.

TagFilter

Description

A tag key and optional list of possible values that you can use to filter results for tagged resources.

Members

tagKey

Type: string

The tag key. This must have a valid string value and can't be empty.

tagValues

Type: Array of strings

Required: Yes
Type: string

Namespaces

Classes

Interfaces

Traits

Exceptions

Functions

AWS Resource Access Manager 2018-01-04

Operation Summary

Paginators

Operations

AcceptResourceShareInvitation

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

AssociateResourceShare

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

AssociateResourceSharePermission

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

CreateResourceShare

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

DeleteResourceShare

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

DisassociateResourceShare

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

DisassociateResourceSharePermission

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

EnableSharingWithAwsOrganization

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details

Members

Errors

GetPermission

Parameter Syntax

Parameter Details

Members

Result Syntax

Result Details