AssociateResourceSharePermission - AWS RAM

AssociateResourceSharePermission

Adds or replaces the AWS RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new AWS RAM permission only if there are currently no resources of that resource type currently in the resource share.

Request Syntax

POST /associateresourcesharepermission HTTP/1.1 Content-type: application/json { "clientToken": "string", "permissionArn": "string", "permissionVersion": number, "replace": boolean, "resourceShareArn": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then AWS generates a random one for you.

Type: String

Required: No

permissionArn

Specifies the Amazon Resoure Name (ARN) of the AWS RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the AWS RAM console and then choose the name of the permission. The ARN is displayed on the detail page.

Type: String

Required: Yes

permissionVersion

Specifies the version of the AWS RAM permission to associate with the resource share. If you don't specify this parameter, the operation uses the version designated as the default.

Type: Integer

Required: No

replace

Specifies whether the specified permission should replace or add to the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to the current permission. The default value is false.

Note

A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.

Type: Boolean

Required: No

resourceShareArn

Specifies the Amazon Resoure Name (ARN) of the resource share to which you want to add or replace permissions.

Type: String

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "clientToken": "string", "returnValue": boolean }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

clientToken

The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.

Type: String

returnValue

A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Type: Boolean

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidClientTokenException

The client token is not valid.

HTTP Status Code: 400

InvalidParameterException

A parameter is not valid.

HTTP Status Code: 400

MalformedArnException

The format of an Amazon Resource Name (ARN) is not valid.

HTTP Status Code: 400

OperationNotPermittedException

The requested operation is not permitted.

HTTP Status Code: 400

ServerInternalException

The service could not respond to the request due to an internal problem.

HTTP Status Code: 500

ServiceUnavailableException

The service is not available.

HTTP Status Code: 503

UnknownResourceException

A specified resource was not found.

HTTP Status Code: 400

Examples

Note

The examples show the JSON payloads of the request and response pretty printed with white spaces and line breaks for ease for ease of reading.

Example

The following example command replaces the permission for the relevant resource type in the specified resource share. You don't need to specify the resource type, it is automatically inferred from the specified permission.

Sample Request

POST /associateresourcesharepermission HTTP/1.1 X-Amz-Date: 20210924T194101Z Accept-Encoding: identity User-Agent: <UserAgentString> Content-Length: <PayloadSizeBytes> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>> { "resourceShareArn": "arn:aws:ram:us-east-1:999999999999:resource-share/27d09b4b-5e12-41d1-a4f2-19dedEXAMPLE", "permissionArn": "arn:aws:ram::aws:permission/AWSRAMPermissionGlueDatabaseReadWrite", "replace": true }

Sample Response

HTTP/1.1 200 OK Date: Fri, 24 Sep 2021 19:41:02 GMT Content-Type: application/json Content-Length: <PayloadSizeBytes> { "returnValue":true }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: