Class: Aws::RAM::Types::CreatePermissionRequest

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-ram/types.rb

Overview

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#client_tokenString

Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a [UUID type of value.].

If you don’t provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ‘ClientToken`, but with different parameters, the retry fails with an `IdempotentParameterMismatch` error.

[1]: wikipedia.org/wiki/Universally_unique_identifier

Returns:

  • (String) 


466
467
468
469
470
471
472
473
474
 
# File 'lib/aws-sdk-ram/types.rb', line 466

class CreatePermissionRequest < Struct.new(
  :name,
  :resource_type,
  :policy_template,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#nameString

Specifies the name of the customer managed permission. The name must be unique within the Amazon Web Services Region.

Returns:

  • (String) 


466
467
468
469
470
471
472
473
474
 
# File 'lib/aws-sdk-ram/types.rb', line 466

class CreatePermissionRequest < Struct.new(
  :name,
  :resource_type,
  :policy_template,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#policy_templateString

A string in JSON format string that contains the following elements of a resource-based policy:

  • Effect: must be set to ‘ALLOW`.

  • Action: specifies the actions that are allowed by this customer managed permission. The list must contain only actions that are supported by the specified resource type. For a list of all actions supported by each resource type, see [Actions, resources, and condition keys for Amazon Web Services services] in the *Identity and Access Management User Guide*.

  • Condition: (optional) specifies conditional parameters that must evaluate to true when a user attempts an action for that action to be allowed. For more information about the Condition element, see [IAM policies: Condition element] in the *Identity and Access Management User Guide*.

This template can’t include either the ‘Resource` or `Principal` elements. Those are both filled in by RAM when it instantiates the resource-based policy on each resource shared using this managed permission. The `Resource` comes from the ARN of the specific resource that you are sharing. The `Principal` comes from the list of identities added to the resource share.

[1]: docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html

Returns:

  • (String) 


466
467
468
469
470
471
472
473
474
 
# File 'lib/aws-sdk-ram/types.rb', line 466

class CreatePermissionRequest < Struct.new(
  :name,
  :resource_type,
  :policy_template,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#resource_typeString

Specifies the name of the resource type that this customer managed permission applies to.

The format is ‘ <service-code>:<resource-type> ` and is not case sensitive. For example, to specify an Amazon EC2 Subnet, you can use the string `ec2:subnet`. To see the list of valid values for this parameter, query the ListResourceTypes operation.

Returns:

  • (String) 


466
467
468
469
470
471
472
473
474
 
# File 'lib/aws-sdk-ram/types.rb', line 466

class CreatePermissionRequest < Struct.new(
  :name,
  :resource_type,
  :policy_template,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end

#tagsArray<Types::Tag>

Specifies a list of one or more tag key and value pairs to attach to the permission.

Returns:



466
467
468
469
470
471
472
473
474
 
# File 'lib/aws-sdk-ram/types.rb', line 466

class CreatePermissionRequest < Struct.new(
  :name,
  :resource_type,
  :policy_template,
  :client_token,
  :tags)
  SENSITIVE = []
  include Aws::Structure
end