RAM / Client / associate_resource_share_permission

associate_resource_share_permission#

RAM.Client.associate_resource_share_permission(**kwargs)#

Adds or replaces the RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new RAM permission only if there are currently no resources of that resource type currently in the resource share.

Request Syntax

response = client.associate_resource_share_permission(
    resourceShareArn='string',
    permissionArn='string',
    replace=True|False,
    clientToken='string',
    permissionVersion=123
)

Parameters:

resourceShareArn (string) –
[REQUIRED]

Specifies the Amazon Resource Name (ARN) of the resource share to which you want to add or replace permissions.
permissionArn (string) –
[REQUIRED]

Specifies the Amazon Resource Name (ARN) of the RAM permission to associate with the resource share. To find the ARN for a permission, use either the ListPermissions operation or go to the Permissions library page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.
replace (boolean) –
Specifies whether the specified permission should replace the existing permission associated with the resource share. Use true to replace the current permissions. Use false to add the permission to a resource share that currently doesn’t have a permission. The default value is false.

Note
A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don’t set replace to true then the operation returns an error. This helps prevent accidental overwriting of a permission.
clientToken (string) –
Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don’t provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.
permissionVersion (integer) –
Specifies the version of the RAM permission to associate with the resource share. You can specify only the version that is currently set as the default version for the permission. If you also set the replace pararameter to true, then this operation updates an outdated version of the permission to the current default version.

Note
You don’t need to specify this parameter because the default behavior is to use the version that is currently set as the default version for the permission. This parameter is supported for backwards compatibility.

Return type:

dict

Returns:

Response Syntax

{
    'returnValue': True|False,
    'clientToken': 'string'
}

Response Structure

(dict) –
- returnValue (boolean) –
  
  A return value of true indicates that the request succeeded. A value of false indicates that the request failed.
- clientToken (string) –
  
  The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the clientToken request parameter of that later call. All other parameters must also have the same values that you used in the first call.

Exceptions

RAM.Client.exceptions.MalformedArnException
RAM.Client.exceptions.UnknownResourceException
RAM.Client.exceptions.InvalidParameterException
RAM.Client.exceptions.InvalidClientTokenException
RAM.Client.exceptions.ServerInternalException
RAM.Client.exceptions.ServiceUnavailableException
RAM.Client.exceptions.OperationNotPermittedException