AssociateResourceSharePermission
Adds or replaces the AWS RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new AWS RAM permission only if there are currently no resources of that resource type currently in the resource share.
Request Syntax
POST /associateresourcesharepermission HTTP/1.1
Content-type: application/json
{
"clientToken": "string",
"permissionArn": "string",
"permissionVersion": number,
"replace": boolean,
"resourceShareArn": "string"
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
-
Specifies the Amazon Resource Name (ARN) of the AWS RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library
page in the AWS RAM console and then choose the name of the permission. The ARN is displayed on the detail page. Type: String
Required: Yes
-
Specifies the Amazon Resource Name (ARN) of the resource share to which you want to add or replace permissions.
Type: String
Required: Yes
-
Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.
. If you don't provide this value, then AWS generates a random one for you.
If you retry the operation with the same
ClientToken, but with different parameters, the retry fails with anIdempotentParameterMismatcherror.Type: String
Required: No
-
Specifies the version of the AWS RAM permission to associate with the resource share. You can specify only the version that is currently set as the default version for the permission. If you also set the
replacepararameter totrue, then this operation updates an outdated version of the permission to the current default version.Note
You don't need to specify this parameter because the default behavior is to use the version that is currently set as the default version for the permission. This parameter is supported for backwards compatibility.
Type: Integer
Required: No
-
Specifies whether the specified permission should replace the existing permission associated with the resource share. Use
trueto replace the current permissions. Usefalseto add the permission to a resource share that currently doesn't have a permission. The default value isfalse.Note
A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set
replacetotruethen the operation returns an error. This helps prevent accidental overwriting of a permission.Type: Boolean
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"clientToken": "string",
"returnValue": boolean
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
-
The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the
clientTokenrequest parameter of that later call. All other parameters must also have the same values that you used in the first call.Type: String
-
A return value of
trueindicates that the request succeeded. A value offalseindicates that the request failed.Type: Boolean
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidClientTokenException
-
The operation failed because the specified client token isn't valid.
HTTP Status Code: 400
- InvalidParameterException
-
The operation failed because a parameter you specified isn't valid.
HTTP Status Code: 400
- MalformedArnException
-
The operation failed because the specified Amazon Resource Name (ARN) has a format that isn't valid.
HTTP Status Code: 400
- OperationNotPermittedException
-
The operation failed because the requested operation isn't permitted.
HTTP Status Code: 400
- ServerInternalException
-
The operation failed because the service could not respond to the request due to an internal problem. Try again later.
HTTP Status Code: 500
- ServiceUnavailableException
-
The operation failed because the service isn't available. Try again later.
HTTP Status Code: 503
- UnknownResourceException
-
The operation failed because a specified resource couldn't be found.
HTTP Status Code: 400
Examples
Note
The examples show the JSON payloads of the request and response pretty printed with white spaces and line breaks for ease for ease of reading.
Example
The following example command replaces the permission for the relevant resource type in the specified resource share. You don't need to specify the resource type, it is automatically inferred from the specified permission.
Sample Request
POST /associateresourcesharepermission HTTP/1.1
X-Amz-Date: 20210924T194101Z
Accept-Encoding: identity
User-Agent: <UserAgentString>
Content-Length: <PayloadSizeBytes>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>>
{
"resourceShareArn": "arn:aws:ram:us-east-1:999999999999:resource-share/27d09b4b-5e12-41d1-a4f2-19dedEXAMPLE",
"permissionArn": "arn:aws:ram::aws:permission/AWSRAMPermissionGlueDatabaseReadWrite",
"replace": true
}
Sample Response
HTTP/1.1 200 OK
Date: Fri, 24 Sep 2021 19:41:02 GMT
Content-Type: application/json
Content-Length: <PayloadSizeBytes>
{
"returnValue":true
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
