DescribeDocumentPermission - AWS Systems Manager

DescribeDocumentPermission

Describes the permissions for a AWS Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's AWS account ID) or publicly (All).

Request Syntax

{ "MaxResults": number, "Name": "string", "NextToken": "string", "PermissionType": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

MaxResults

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 200.

Required: No

Name

The name of the document for which you are the owner.

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Required: Yes

NextToken

The token for the next set of items to return. (You received this token from a previous call.)

Type: String

Required: No

PermissionType

The permission type for the document. The permission type can be Share.

Type: String

Valid Values: Share

Required: Yes

Response Syntax

{ "AccountIds": [ "string" ], "AccountSharingInfoList": [ { "AccountId": "string", "SharedDocumentVersion": "string" } ], "NextToken": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

AccountIds

The account IDs that have permission to use this document. The ID can be either an AWS account or All.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

AccountSharingInfoList

A list of AWS accounts where the current document is shared and the version shared with each account.

Type: Array of AccountSharingInfo objects

NextToken

The token for the next set of items to return. Use this token to get the next set of results.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidDocument

The specified SSM document doesn't exist.

HTTP Status Code: 400

InvalidDocumentOperation

You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

HTTP Status Code: 400

InvalidNextToken

The specified token isn't valid.

HTTP Status Code: 400

InvalidPermissionType

The permission type isn't supported. Share is the only supported permission type.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of DescribeDocumentPermission.

Sample Request

POST / HTTP/1.1 Host: ssm.us-east-2.amazonaws.com Accept-Encoding: identity X-Amz-Target: AmazonSSM.DescribeDocumentPermission Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12 X-Amz-Date: 20240324T182653Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240324/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 50 { "Name": "Example", "PermissionType": "Share" }

Sample Response

{ "AccountIds": [], "AccountSharingInfoList": [] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: