DescribeDocumentPermission - AWS Systems Manager


Describes the permissions for a AWS Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's AWS account ID) or publicly (All).

Request Syntax

{ "MaxResults": number, "Name": "string", "NextToken": "string", "PermissionType": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 200.

Required: No


The name of the document for which you are the owner.

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Required: Yes


The token for the next set of items to return. (You received this token from a previous call.)

Type: String

Required: No


The permission type for the document. The permission type can be Share.

Type: String

Valid Values: Share

Required: Yes

Response Syntax

{ "AccountIds": [ "string" ], "AccountSharingInfoList": [ { "AccountId": "string", "SharedDocumentVersion": "string" } ], "NextToken": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The account IDs that have permission to use this document. The ID can be either an AWS account or All.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}


A list of AWS accounts where the current document is shared and the version shared with each account.

Type: Array of AccountSharingInfo objects


The token for the next set of items to return. Use this token to get the next set of results.

Type: String


For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 500


The specified SSM document doesn't exist.

HTTP Status Code: 400


You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

HTTP Status Code: 400


The specified token isn't valid.

HTTP Status Code: 400


The permission type isn't supported. Share is the only supported permission type.

HTTP Status Code: 400



This example illustrates one usage of DescribeDocumentPermission.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity X-Amz-Target: AmazonSSM.DescribeDocumentPermission Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12 X-Amz-Date: 20200324T182653Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200324/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 50 { "Name": "Example", "PermissionType": "Share" }

Sample Response

{ "AccountIds": [], "AccountSharingInfoList": [] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: