ModifyDocumentPermission - AWS Systems Manager

ModifyDocumentPermission

Shares a AWS Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

Request Syntax

{ "AccountIdsToAdd": [ "string" ], "AccountIdsToRemove": [ "string" ], "Name": "string", "PermissionType": "string", "SharedDocumentVersion": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AccountIdsToAdd

The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

Required: No

AccountIdsToRemove

The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than AccountIdsToAdd. If you specify an ID to add and the same ID to remove, the system removes access to the document.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

Required: No

Name

The name of the document that you want to share.

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Required: Yes

PermissionType

The permission type for the document. The permission type can be Share.

Type: String

Valid Values: Share

Required: Yes

SharedDocumentVersion

(Optional) The version of the document to share. If it isn't specified, the system choose the Default version to share.

Type: String

Length Constraints: Maximum length of 8.

Pattern: ([$]LATEST|[$]DEFAULT|[$]ALL)

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

DocumentLimitExceeded

You can have at most 500 active SSM documents.

HTTP Status Code: 400

DocumentPermissionLimit

The document can't be shared with more AWS accounts. You can specify a maximum of 20 accounts per API operation to share a private document.

By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.

If you need to increase the quota for privately or publicly shared Systems Manager documents, contact AWS Support.

HTTP Status Code: 400

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidDocument

The specified SSM document doesn't exist.

HTTP Status Code: 400

InvalidPermissionType

The permission type isn't supported. Share is the only supported permission type.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of ModifyDocumentPermission.

Sample Request

POST / HTTP/1.1 Host: ssm.us-east-2.amazonaws.com Accept-Encoding: identity X-Amz-Target: AmazonSSM.ModifyDocumentPermission Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12 X-Amz-Date: 20240325T152441Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240325/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 78 { "Name": "Example", "PermissionType": "Share", "AccountIdsToAdd": [ "444455556666" ] }

Sample Response

{}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: