DescribeDocumentPermission - AWS Systems Manager


Describes the permissions for a Systems Manager document. If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's AWS account ID) or publicly (All).

Request Syntax

{ "Name": "string", "PermissionType": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The name of the document for which you are the owner.

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Required: Yes


The permission type for the document. The permission type can be Share.

Type: String

Valid Values: Share

Required: Yes

Response Syntax

{ "AccountIds": [ "string" ], "AccountSharingInfoList": [ { "AccountId": "string", "SharedDocumentVersion": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The account IDs that have permission to use this document. The ID can be either an AWS account or All.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}


A list of AWS accounts where the current document is shared and the version shared with each account.

Type: Array of AccountSharingInfo objects


For information about the errors that are common to all actions, see Common Errors.


An error occurred on the server side.

HTTP Status Code: 500


The specified document does not exist.

HTTP Status Code: 400


The permission type is not supported. Share is the only supported permission type.

HTTP Status Code: 400



This example illustrates one usage of DescribeDocumentPermission.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity X-Amz-Target: AmazonSSM.DescribeDocumentPermission Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12 X-Amz-Date: 20200324T182653Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200324/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 50 { "Name":"Example", "PermissionType":"Share" }

Sample Response

{ "AccountIds":[ ], "AccountSharingInfoList":[ ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: