PUTRESOURCEPOLICY()`¶

About PutResourcePolicy¶

Creates or updates a resource-based policy for an Amazon Managed Service for Prometheus workspace. Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.

Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see Prometheus-compatible APIs in the Amazon Managed Service for Prometheus User Guide.

If your workspace uses customer-managed KMS keys for encryption, you must grant the principals in your resource-based policy access to those KMS keys. You can do this by creating KMS grants. For more information, see CreateGrant in the AWS Key Management Service API Reference and Encryption at rest in the Amazon Managed Service for Prometheus User Guide.

For more information about working with IAM, see Using Amazon Managed Service for Prometheus with IAM in the Amazon Managed Service for Prometheus User Guide.

Method Signature¶

IMPORTING¶

Required arguments:¶

`iv_workspaceid` `TYPE /AWS1/AMPWORKSPACEID` `/AWS1/AMPWORKSPACEID`¶

The ID of the workspace to attach the resource-based policy to.

`iv_policydocument` `TYPE /AWS1/AMPSTRING` `/AWS1/AMPSTRING`¶

The JSON policy document to use as the resource-based policy. This policy defines the permissions that other AWS accounts or services have to access your workspace.

Optional arguments:¶

`iv_clienttoken` `TYPE /AWS1/AMPIDEMPOTENCYTOKEN` `/AWS1/AMPIDEMPOTENCYTOKEN`¶

A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).

`iv_revisionid` `TYPE /AWS1/AMPSTRING` `/AWS1/AMPSTRING`¶

The revision ID of the policy to update. Use this parameter to ensure that you are updating the correct version of the policy. If you don't specify a revision ID, the policy is updated regardless of its current revision.

For the first PUT request on a workspace that doesn't have an existing resource policy, you can specify NO_POLICY as the revision ID.

RETURNING¶

`oo_output` `TYPE REF TO /aws1/cl_ampputrespolicyrsp` `/AWS1/CL_AMPPUTRESPOLICYRSP`¶

Domain /AWS1/RT_ACCOUNT_ID

Primitive Type NUMC

Examples¶

Syntax Example¶

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->/aws1/if_amp~putresourcepolicy(
  iv_clienttoken = |string|
  iv_policydocument = |string|
  iv_revisionid = |string|
  iv_workspaceid = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_workspacepolicystatusco = lo_result->get_policystatus( ).
  lv_string = lo_result->get_revisionid( ).
ENDIF.

/AWS1/IF_AMP=>PUTRESOURCEPOLICY()¶