RAM.Client.
create_resource_share
(**kwargs)¶Creates a resource share. You can provide a list of the Amazon Resource Names (ARNs) for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals.
Note
Sharing a resource makes it available for use by principals outside of the Amazon Web Services account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.
See also: AWS API Documentation
Request Syntax
response = client.create_resource_share(
name='string',
resourceArns=[
'string',
],
principals=[
'string',
],
tags=[
{
'key': 'string',
'value': 'string'
},
],
allowExternalPrincipals=True|False,
clientToken='string',
permissionArns=[
'string',
]
)
[REQUIRED]
Specifies the name of the resource share.
Specifies a list of one or more ARNs of the resources to associate with the resource share.
Specifies a list of one or more principals to associate with the resource share.
You can include the following values:
123456789012
organizations::123456789012:organization/o-exampleorgid
organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
iam::123456789012:role/rolename
iam::123456789012user/username
Note
Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the Resource Access Manager User Guide .
Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.
A structure containing a tag. A tag is metadata that you can attach to your resources to help organize and categorize them. You can also use them to help you secure your resources. For more information, see Controlling access to Amazon Web Services resources using tags.
For more information about tags, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference Guide .
The key, or name, attached to the tag. Every tag must have a key. Key names are case sensitive.
The string value attached to the tag. The value can be an empty string. Key values are case sensitive.
true
lets you share with individual Amazon Web Services accounts that are not in your organization. A value of false
only has meaning if your account is a member of an Amazon Web Services Organization. The default value is true
.Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..
If you don't provide this value, then Amazon Web Services generates a random one for you.
Specifies the Amazon Resource Names (ARNs) of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.
dict
Response Syntax
{
'resourceShare': {
'resourceShareArn': 'string',
'name': 'string',
'owningAccountId': 'string',
'allowExternalPrincipals': True|False,
'status': 'PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
'statusMessage': 'string',
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'creationTime': datetime(2015, 1, 1),
'lastUpdatedTime': datetime(2015, 1, 1),
'featureSet': 'CREATED_FROM_POLICY'|'PROMOTING_TO_STANDARD'|'STANDARD'
},
'clientToken': 'string'
}
Response Structure
(dict) --
resourceShare (dict) --
An object with information about the new resource share.
resourceShareArn (string) --
The Amazon Resoure Name (ARN) of the resource share
name (string) --
The name of the resource share.
owningAccountId (string) --
The ID of the Amazon Web Services account that owns the resource share.
allowExternalPrincipals (boolean) --
Indicates whether principals outside your organization in Organizations can be associated with a resource share.
status (string) --
The current status of the resource share.
statusMessage (string) --
A message about the status of the resource share.
tags (list) --
The tag key and value pairs attached to the resource share.
(dict) --
A structure containing a tag. A tag is metadata that you can attach to your resources to help organize and categorize them. You can also use them to help you secure your resources. For more information, see Controlling access to Amazon Web Services resources using tags.
For more information about tags, see Tagging Amazon Web Services resources in the Amazon Web Services General Reference Guide .
key (string) --
The key, or name, attached to the tag. Every tag must have a key. Key names are case sensitive.
value (string) --
The string value attached to the tag. The value can be an empty string. Key values are case sensitive.
creationTime (datetime) --
The date and time when the resource share was created.
lastUpdatedTime (datetime) --
The date and time when the resource share was last updated.
featureSet (string) --
Indicates how the resource share was created. Possible values include:
CREATED_FROM_POLICY
- Indicates that the resource share was created from an Identity and Access Management (IAM) resource-based permission policy attached to the resource. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy.PROMOTING_TO_STANDARD
- The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.STANDARD
- Indicates that the resource share was created in RAM using the console or APIs. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs.clientToken (string) --
The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken
request parameter of that later call. All other parameters must also have the same values that you used in the first call.
Exceptions
RAM.Client.exceptions.IdempotentParameterMismatchException
RAM.Client.exceptions.InvalidStateTransitionException
RAM.Client.exceptions.UnknownResourceException
RAM.Client.exceptions.MalformedArnException
RAM.Client.exceptions.InvalidClientTokenException
RAM.Client.exceptions.InvalidParameterException
RAM.Client.exceptions.OperationNotPermittedException
RAM.Client.exceptions.ResourceShareLimitExceededException
RAM.Client.exceptions.TagPolicyViolationException
RAM.Client.exceptions.ServerInternalException
RAM.Client.exceptions.ServiceUnavailableException