ModifyDocumentPermission
Shares a AWS Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
Request Syntax
{
"AccountIdsToAdd": [ "string
" ],
"AccountIdsToRemove": [ "string
" ],
"Name": "string
",
"PermissionType": "string
",
"SharedDocumentVersion": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- AccountIdsToAdd
-
The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.
Type: Array of strings
Array Members: Maximum number of 20 items.
Pattern:
(?i)all|[0-9]{12}
Required: No
- AccountIdsToRemove
-
The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than
AccountIdsToAdd
. If you specify an ID to add and the same ID to remove, the system removes access to the document.Type: Array of strings
Array Members: Maximum number of 20 items.
Pattern:
(?i)all|[0-9]{12}
Required: No
- Name
-
The name of the document that you want to share.
Type: String
Pattern:
^[a-zA-Z0-9_\-.]{3,128}$
Required: Yes
- PermissionType
-
The permission type for the document. The permission type can be Share.
Type: String
Valid Values:
Share
Required: Yes
-
(Optional) The version of the document to share. If it isn't specified, the system choose the
Default
version to share.Type: String
Length Constraints: Maximum length of 8.
Pattern:
([$]LATEST|[$]DEFAULT|[$]ALL)
Required: No
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- DocumentLimitExceeded
-
You can have at most 500 active SSM documents.
HTTP Status Code: 400
- DocumentPermissionLimit
-
The document can't be shared with more AWS accounts. You can specify a maximum of 20 accounts per API operation to share a private document.
By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.
If you need to increase the quota for privately or publicly shared Systems Manager documents, contact AWS Support.
HTTP Status Code: 400
- InternalServerError
-
An error occurred on the server side.
HTTP Status Code: 500
- InvalidDocument
-
The specified SSM document doesn't exist.
HTTP Status Code: 400
- InvalidPermissionType
-
The permission type isn't supported. Share is the only supported permission type.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of ModifyDocumentPermission.
Sample Request
POST / HTTP/1.1
Host: ssm.us-east-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonSSM.ModifyDocumentPermission
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12
X-Amz-Date: 20240325T152441Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240325/us-east-2/ssm/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE
Content-Length: 78
{
"Name": "Example",
"PermissionType": "Share",
"AccountIdsToAdd": [
"444455556666"
]
}
Sample Response
{}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: