Skip to content

Create Policy Store

verifiedpermissions_create_policy_store R Documentation

Creates a policy store

Description

Creates a policy store. A policy store is a container for policy resources.

Although Cedar supports multiple namespaces, Verified Permissions currently supports only one namespace per policy store.

Verified Permissions is eventually consistent . It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.

Usage

verifiedpermissions_create_policy_store(clientToken, validationSettings,
  description, deletionProtection, tags)

Arguments

clientToken

Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an ConflictException error.

Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.
validationSettings

[required] Specifies the validation setting for this policy store.

Currently, the only valid and required value is Mode.

We recommend that you turn on STRICT mode only after you define a schema. If a schema doesn't exist, then STRICT mode causes any policy to fail validation, and Verified Permissions rejects the policy. You can turn off validation by using the update_policy_store. Then, when you have a schema defined, use update_policy_store again to turn validation back on.
description

Descriptive text that you can provide to help with identification of the current policy store.
deletionProtection

Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.

The default state is DISABLED.
tags

The list of key-value pairs to associate with the policy store.

Value

A list with the following syntax:

list(
  policyStoreId = "string",
  arn = "string",
  createdDate = as.POSIXct(
    "2015-01-01"
  ),
  lastUpdatedDate = as.POSIXct(
    "2015-01-01"
  )
)

Request syntax

svc$create_policy_store(
  clientToken = "string",
  validationSettings = list(
    mode = "OFF"|"STRICT"
  ),
  description = "string",
  deletionProtection = "ENABLED"|"DISABLED",
  tags = list(
    "string"
  )
)