Glacier / Client / set_vault_access_policy

set_vault_access_policy#

Glacier.Client.set_vault_access_policy(**kwargs)#

This operation configures an access policy for a vault and will overwrite an existing policy. To configure a vault access policy, send a PUT request to the access-policy subresource of the vault. An access policy is specific to a vault and is also called a vault subresource. You can set one access policy per vault and the policy can be up to 20 KB in size. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

See also: AWS API Documentation

Request Syntax

response = client.set_vault_access_policy(
    vaultName='string',
    policy={
        'Policy': 'string'
    }
)
Parameters:
  • accountId (string) –

    The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ‘ -’ (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens (‘-’) in the ID.

    Note: this parameter is set to “-” bydefault if no value is not specified.

  • vaultName (string) –

    [REQUIRED]

    The name of the vault.

  • policy (dict) –

    The vault access policy as a JSON string.

    • Policy (string) –

      The vault access policy.

Returns:

None

Exceptions

Examples

The example configures an access policy for the vault named examplevault.

response = client.set_vault_access_policy(
    accountId='-',
    policy={
        'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
    },
    vaultName='examplevault',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}