set_vault_access_policy
(**kwargs)¶This operation configures an access policy for a vault and will overwrite an existing policy. To configure a vault access policy, send a PUT request to the access-policy
subresource of the vault. An access policy is specific to a vault and is also called a vault subresource. You can set one access policy per vault and the policy can be up to 20 KB in size. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.
See also: AWS API Documentation
Request Syntax
response = client.set_vault_access_policy(
vaultName='string',
policy={
'Policy': 'string'
}
)
The AccountId
value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ' -
' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.
Note: this parameter is set to "-" bydefault if no value is not specified.
[REQUIRED]
The name of the vault.
The vault access policy as a JSON string.
The vault access policy.
None
Exceptions
Glacier.Client.exceptions.ResourceNotFoundException
Glacier.Client.exceptions.InvalidParameterValueException
Glacier.Client.exceptions.MissingParameterValueException
Glacier.Client.exceptions.ServiceUnavailableException
Examples
The example configures an access policy for the vault named examplevault.
response = client.set_vault_access_policy(
accountId='-',
policy={
'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
},
vaultName='examplevault',
)
print(response)
Expected Output:
{
'ResponseMetadata': {
'...': '...',
},
}