AssociateResourceSharePermission - AWS RAM


Adds or replaces the AWS RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new AWS RAM permission only if there are currently no resources of that resource type currently in the resource share.

Request Syntax

POST /associateresourcesharepermission HTTP/1.1 Content-type: application/json { "clientToken": "string", "permissionArn": "string", "permissionVersion": number, "replace": boolean, "resourceShareArn": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


Specifies the Amazon Resoure Name (ARN) of the AWS RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the AWS RAM console and then choose the name of the permission. The ARN is displayed on the detail page.

Type: String

Required: Yes


Specifies the Amazon Resoure Name (ARN) of the resource share to which you want to add or replace permissions.

Type: String

Required: Yes


Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then AWS generates a random one for you.

Type: String

Required: No


Specifies the version of the AWS RAM permission to associate with the resource share. You can specify only the version that is currently set as the default version for the permission. If you also set the replace pararameter to true, then this operation updates an outdated version of the permission to the current default version.


You don't need to specify this parameter because the default behavior is to use the version that is currently set as the default version for the permission. This parameter is supported for backwards compatibility.

Type: Integer

Required: No


Specifies whether the specified permission should replace the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to a resource share that currently doesn't have a permission. The default value is false.


A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.

Type: Boolean

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "clientToken": "string", "returnValue": boolean }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.

Type: String


A return value of true indicates that the request succeeded. A value of false indicates that the request failed.

Type: Boolean


For information about the errors that are common to all actions, see Common Errors.


The client token is not valid.

HTTP Status Code: 400


A parameter is not valid.

HTTP Status Code: 400


The format of an Amazon Resource Name (ARN) is not valid.

HTTP Status Code: 400


The requested operation is not permitted.

HTTP Status Code: 400


The service could not respond to the request due to an internal problem.

HTTP Status Code: 500


The service is not available.

HTTP Status Code: 503


A specified resource was not found.

HTTP Status Code: 400



The examples show the JSON payloads of the request and response pretty printed with white spaces and line breaks for ease for ease of reading.


The following example command replaces the permission for the relevant resource type in the specified resource share. You don't need to specify the resource type, it is automatically inferred from the specified permission.

Sample Request

POST /associateresourcesharepermission HTTP/1.1 X-Amz-Date: 20210924T194101Z Accept-Encoding: identity User-Agent: <UserAgentString> Content-Length: <PayloadSizeBytes> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>> { "resourceShareArn": "arn:aws:ram:us-east-1:999999999999:resource-share/27d09b4b-5e12-41d1-a4f2-19dedEXAMPLE", "permissionArn": "arn:aws:ram::aws:permission/AWSRAMPermissionGlueDatabaseReadWrite", "replace": true }

Sample Response

HTTP/1.1 200 OK Date: Fri, 24 Sep 2021 19:41:02 GMT Content-Type: application/json Content-Length: <PayloadSizeBytes> { "returnValue":true }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: