Skip to content

Promote Permission Created From Policy

ram_promote_permission_created_from_policy R Documentation

When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy

Description

When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy. However, this type of managed permission is visible to only the resource share owner, and the associated resource share can't be modified by using RAM.

This operation creates a separate, fully manageable customer managed permission that has the same IAM permissions as the original resource-based policy. You can associate this customer managed permission to any resource shares.

Before you use promote_resource_share_created_from_policy, you should first run this operation to ensure that you have an appropriate customer managed permission that can be associated with the promoted resource share.

  • The original CREATED_FROM_POLICY policy isn't deleted, and resource shares using that original policy aren't automatically updated.

  • You can't modify a CREATED_FROM_POLICY resource share so you can't associate the new customer managed permission by using ReplacePermsissionAssociations. However, if you use promote_resource_share_created_from_policy, that operation automatically associates the fully manageable customer managed permission to the newly promoted STANDARD resource share.

  • After you promote a resource share, if the original CREATED_FROM_POLICY managed permission has no other associations to A resource share, then RAM automatically deletes it.

Usage

ram_promote_permission_created_from_policy(permissionArn, name,
  clientToken)

Arguments

permissionArn

[required] Specifies the Amazon Resource Name (ARN) of the CREATED_FROM_POLICY permission that you want to promote. You can get this Amazon Resource Name (ARN) by calling the list_resource_share_permissions operation.

name

[required] Specifies a name for the promoted customer managed permission.

clientToken

Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

Value

A list with the following syntax: 

list(
  permission = list(
    arn = "string",
    version = "string",
    defaultVersion = TRUE|FALSE,
    name = "string",
    resourceType = "string",
    status = "string",
    creationTime = as.POSIXct(
      "2015-01-01"
    ),
    lastUpdatedTime = as.POSIXct(
      "2015-01-01"
    ),
    isResourceTypeDefault = TRUE|FALSE,
    permissionType = "CUSTOMER_MANAGED"|"AWS_MANAGED",
    featureSet = "CREATED_FROM_POLICY"|"PROMOTING_TO_STANDARD"|"STANDARD",
    tags = list(
      list(
        key = "string",
        value = "string"
      )
    )
  ),
  clientToken = "string"
)

Request syntax

svc$promote_permission_created_from_policy(
  permissionArn = "string",
  name = "string",
  clientToken = "string"
)