AssociatePermission
Note
Amazon Q Business will no longer be open to new customers starting on July 31, 2026. If you would like to use the service, please sign up prior to July 30. For capabilities similar to Q Business, explore Amazon Quick. Learn more.
Adds or updates a permission policy for a Amazon Q Business application, allowing cross-account access for an ISV. This operation creates a new policy statement for the specified Amazon Q Business application. The policy statement defines the IAM actions that the ISV is allowed to perform on the Amazon Q Business application's resources.
Request Syntax
POST /applications/applicationId/policy HTTP/1.1
Content-type: application/json
{
"actions": [ "string" ],
"conditions": [
{
"conditionKey": "string",
"conditionOperator": "string",
"conditionValues": [ "string" ]
}
],
"principal": "string",
"statementId": "string"
}
URI Request Parameters
The request uses the following URI parameters.
- applicationId
-
The unique identifier of the Amazon Q Business application.
Length Constraints: Fixed length of 36.
Pattern:
[a-zA-Z0-9][a-zA-Z0-9-]{35}Required: Yes
Request Body
The request accepts the following data in JSON format.
- actions
-
The list of Amazon Q Business actions that the ISV is allowed to perform.
Type: Array of strings
Array Members: Minimum number of 1 item. Maximum number of 10 items.
Pattern:
qbusiness:[a-zA-Z]+Required: Yes
- conditions
-
The conditions that restrict when the permission is effective. These conditions can be used to limit the permission based on specific attributes of the request.
Type: Array of PermissionCondition objects
Array Members: Minimum number of 1 item. Maximum number of 10 items.
Required: No
- principal
-
The Amazon Resource Name of the IAM role for the ISV that is being granted permission.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1284.
Pattern:
arn:aws:iam::[0-9]{12}:role/[a-zA-Z0-9_/+=,.@-]+Required: Yes
- statementId
-
A unique identifier for the policy statement.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Pattern:
[a-zA-Z0-9_-]+Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"statement": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- statement
-
The JSON representation of the added permission statement.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Errors
For information about the errors that are common to all actions, see Common Error Types.
- AccessDeniedException
-
You don't have access to perform this action. Make sure you have the required permission policies and user accounts and try again.
HTTP Status Code: 403
- ConflictException
-
You are trying to perform an action that conflicts with the current status of your resource. Fix any inconsistencies with your resources and try again.
- message
-
The message describing a
ConflictException. - resourceId
-
The identifier of the resource affected.
- resourceType
-
The type of the resource affected.
HTTP Status Code: 409
- InternalServerException
-
An issue occurred with the internal server used for your Amazon Q Business service. Wait some minutes and try again, or contact Support
for help. HTTP Status Code: 500
- ResourceNotFoundException
-
The application or plugin resource you want to use doesn’t exist. Make sure you have provided the correct resource and try again.
- message
-
The message describing a
ResourceNotFoundException. - resourceId
-
The identifier of the resource affected.
- resourceType
-
The type of the resource affected.
HTTP Status Code: 404
- ServiceQuotaExceededException
-
You have exceeded the set limits for your Amazon Q Business service.
- message
-
The message describing a
ServiceQuotaExceededException. - resourceId
-
The identifier of the resource affected.
- resourceType
-
The type of the resource affected.
HTTP Status Code: 402
- ThrottlingException
-
The request was denied due to throttling. Reduce the number of requests and try again.
HTTP Status Code: 429
- ValidationException
-
The input doesn't meet the constraints set by the Amazon Q Business service. Provide the correct input and try again.
- fields
-
The input field(s) that failed validation.
- message
-
The message describing the
ValidationException. - reason
-
The reason for the
ValidationException.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: