Promote Permission Created From Policy
ram_promote_permission_created_from_policy | R Documentation |
When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy¶
Description¶
When you attach a resource-based policy to a resource, RAM automatically creates a resource share of featureSet=CREATED_FROM_POLICY with a managed permission that has the same IAM permissions as the original resource-based policy. However, this type of managed permission is visible to only the resource share owner, and the associated resource share can't be modified by using RAM.
This operation creates a separate, fully manageable customer managed permission that has the same IAM permissions as the original resource-based policy. You can associate this customer managed permission to any resource shares.
Before you use promote_resource_share_created_from_policy, you should first run this operation to ensure that you have an appropriate customer managed permission that can be associated with the promoted resource share.
- The original CREATED_FROM_POLICY policy isn't deleted, and resource shares using that original policy aren't automatically updated.
- You can't modify a CREATED_FROM_POLICY resource share so you can't associate the new customer managed permission by using ReplacePermissionAssociations. However, if you use promote_resource_share_created_from_policy, that operation automatically associates the fully manageable customer managed permission to the newly promoted STANDARD resource share.
- After you promote a resource share, if the original CREATED_FROM_POLICY managed permission has no other associations to a resource share, then RAM automatically deletes it.
Usage¶
Arguments¶
permissionArn
[required] Specifies the Amazon Resource Name (ARN) of the CREATED_FROM_POLICY permission that you want to promote. You can get this Amazon Resource Name (ARN) by calling the list_resource_share_permissions operation.
name
[required] Specifies a name for the promoted customer managed permission.
clientToken
Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
Value¶
A list with the following syntax:
list(
  permission = list(
    arn = "string",
    version = "string",
    defaultVersion = TRUE|FALSE,
    name = "string",
    resourceType = "string",
    status = "string",
    creationTime = as.POSIXct(
      "2015-01-01"
    ),
    lastUpdatedTime = as.POSIXct(
      "2015-01-01"
    ),
    isResourceTypeDefault = TRUE|FALSE,
    permissionType = "CUSTOMER_MANAGED"|"AWS_MANAGED",
    featureSet = "CREATED_FROM_POLICY"|"PROMOTING_TO_STANDARD"|"STANDARD",
    tags = list(
      list(
        key = "string",
        value = "string"
      )
    )
  ),
  clientToken = "string"
)
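The sequence described on this page, as an added example that is not part of the paws documentation: look up the CREATED_FROM_POLICY permission on a share, promote it with a single reused clientToken, then promote the share itself. The helper name promote_from_policy, the retry count, and the ARN and name in the usage comment are assumptions; uuid::UUIDgenerate() comes from the separate uuid package.

```r
# Added example (not from the paws documentation). Requires the paws and uuid
# packages and AWS credentials for the account that owns the resource share.
promote_from_policy <- function(svc, share_arn, new_name, attempts = 3) {
  # Find the CREATED_FROM_POLICY permission on the share.
  # Assumption: the share's permissions fit in one page (no nextToken handling).
  perms <- svc$list_resource_share_permissions(resourceShareArn = share_arn)$permissions
  from_policy <- Filter(
    function(p) identical(p$featureSet, "CREATED_FROM_POLICY"), perms
  )
  if (length(from_policy) != 1) {
    stop("expected exactly one CREATED_FROM_POLICY permission, found ",
         length(from_policy))
  }

  # One token for the whole logical request. Every retry reuses it together
  # with identical parameters, so a retry after a timeout cannot create a
  # second customer managed permission.
  token <- uuid::UUIDgenerate()
  result <- NULL
  for (i in seq_len(attempts)) {
    result <- tryCatch(
      svc$promote_permission_created_from_policy(
        permissionArn = from_policy[[1]]$arn,
        name = new_name,
        clientToken = token
      ),
      error = function(e) e
    )
    if (!inherits(result, "error")) break
    if (i < attempts) Sys.sleep(2^i)  # simple backoff before retrying
  }
  if (inherits(result, "error")) stop(result)

  promoted <- result$permission
  stopifnot(identical(promoted$permissionType, "CUSTOMER_MANAGED"))

  # With the customer managed permission in place, promote the share itself;
  # RAM associates the new permission with the promoted STANDARD share.
  svc$promote_resource_share_created_from_policy(resourceShareArn = share_arn)
  promoted
}

# Usage (placeholder ARN and name):
# svc <- paws::ram()
# promote_from_policy(
#   svc,
#   "arn:aws:ram:us-east-1:111122223333:resource-share/EXAMPLE",
#   "promoted-from-policy"
# )
```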