CloudTrail / Client / put_resource_policy



Attaches a resource-based permission policy to a CloudTrail channel that is used for an integration with an event source outside of Amazon Web Services. For more information about resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide .

See also: AWS API Documentation

Request Syntax

response = client.put_resource_policy(
  • ResourceArn (string) –


    The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy. The following is the format of a resource ARN: arn:aws:cloudtrail:us-east-2:123456789012:channel/MyChannel .

  • ResourcePolicy (string) –


    A JSON-formatted string for an Amazon Web Services resource-based policy.

    The following are requirements for the resource policy:

    • Contains only one action: cloudtrail-data:PutAuditEvents

    • Contains at least one statement. The policy can have a maximum of 20 statements.

    • Each statement contains at least one principal. A statement can have a maximum of 50 principals.

Return type:



Response Syntax

    'ResourceArn': 'string',
    'ResourcePolicy': 'string'

Response Structure

  • (dict) –

    • ResourceArn (string) –

      The Amazon Resource Name (ARN) of the CloudTrail channel attached to the resource-based policy.

    • ResourcePolicy (string) –

      The JSON-formatted string of the Amazon Web Services resource-based policy attached to the CloudTrail channel.


  • CloudTrail.Client.exceptions.ResourceARNNotValidException

  • CloudTrail.Client.exceptions.ResourcePolicyNotValidException

  • CloudTrail.Client.exceptions.ResourceNotFoundException

  • CloudTrail.Client.exceptions.ResourceTypeNotSupportedException

  • CloudTrail.Client.exceptions.OperationNotPermittedException

  • CloudTrail.Client.exceptions.UnsupportedOperationException