DescribeDocumentPermission
Describes the permissions for an AWS Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's AWS account ID) or publicly (All).
Request Syntax
{
"MaxResults": number,
"Name": "string",
"NextToken": "string",
"PermissionType": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- MaxResults
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 200.
Required: No
- Name
The name of the document for which you are the owner.
Type: String
Pattern: ^[a-zA-Z0-9_\-.]{3,128}$
Required: Yes
- NextToken
The token for the next set of items to return. (You received this token from a previous call.)
Type: String
Required: No
- PermissionType
The permission type for the document. The permission type can be Share.
Type: String
Valid Values: Share
Required: Yes
Response Syntax
{
"AccountIds": [ "string" ],
"AccountSharingInfoList": [
{
"AccountId": "string",
"SharedDocumentVersion": "string"
}
],
"NextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- AccountIds
The account IDs that have permission to use this document. The ID can be either an AWS account number or all.
Type: Array of strings
Array Members: Maximum number of 20 items.
Pattern: (?i)all|[0-9]{12}
- AccountSharingInfoList
A list of AWS accounts where the current document is shared and the version shared with each account.
Type: Array of AccountSharingInfo objects
- NextToken
The token for the next set of items to return. Use this token to get the next set of results.
Type: String
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalServerError
An error occurred on the server side.
HTTP Status Code: 500
- InvalidDocument
The specified SSM document doesn't exist.
- Message
The SSM document doesn't exist or the document isn't available to the user. This exception can be issued by various API operations.
HTTP Status Code: 400
- InvalidDocumentOperation
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
HTTP Status Code: 400
- InvalidNextToken
The specified token isn't valid.
HTTP Status Code: 400
- InvalidPermissionType
The permission type isn't supported. Share is the only supported permission type.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of DescribeDocumentPermission.
Sample Request
POST / HTTP/1.1
Host: ssm.us-east-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonSSM.DescribeDocumentPermission
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12
X-Amz-Date: 20240324T182653Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240324/us-east-2/ssm/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE
Content-Length: 50

{
"Name": "Example",
"PermissionType": "Share"
}
Sample Response
{
"AccountIds": [],
"AccountSharingInfoList": []
}
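Audit example (added here, not part of the AWS reference): a Python helper that pages through DescribeDocumentPermission with NextToken and reports whether a document is shared publicly (all) or with accounts outside an allowlist. The trusted_accounts allowlist, the StubSSM class and its two-page response are constructed for illustration; in real use pass boto3.client("ssm") as the first argument.

```python
import re

NAME_RE = re.compile(r"^[a-zA-Z0-9_\-.]{3,128}$")   # Name pattern from this page
ACCOUNT_RE = re.compile(r"(?i)all|[0-9]{12}")        # AccountIds pattern from this page


def audit_document_sharing(ssm, name, trusted_accounts=frozenset()):
    """Page through DescribeDocumentPermission and classify who can use `name`.
    `ssm` is any object exposing describe_document_permission(**kwargs), such as
    boto3.client("ssm"). `trusted_accounts` is a hypothetical local allowlist.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid document name: {name!r}")
    shared, token = {}, None
    while True:
        kwargs = {"Name": name, "PermissionType": "Share", "MaxResults": 200}
        if token:
            kwargs["NextToken"] = token          # continue where the last page ended
        page = ssm.describe_document_permission(**kwargs)
        for acct in page.get("AccountIds", []):
            if not ACCOUNT_RE.fullmatch(acct):
                raise ValueError(f"unexpected account id: {acct!r}")
            shared.setdefault(acct.lower(), None)
        for info in page.get("AccountSharingInfoList", []):
            shared[info["AccountId"].lower()] = info.get("SharedDocumentVersion")
        token = page.get("NextToken")
        if not token:                            # no token means this was the last page
            break
    return {
        "public": "all" in shared,               # "all" means every AWS account can use it
        "untrusted": sorted(a for a in shared if a != "all" and a not in trusted_accounts),
        "versions": shared,                      # account id -> shared version (None if unknown)
    }


class StubSSM:
    """Constructed two-page response so the example runs offline."""
    PAGES = {
        None: {"AccountIds": ["111122223333"], "NextToken": "page2",
               "AccountSharingInfoList": [{"AccountId": "111122223333", "SharedDocumentVersion": "1"}]},
        "page2": {"AccountIds": ["444455556666", "All"], "AccountSharingInfoList": []},
    }

    def describe_document_permission(self, **kwargs):
        return self.PAGES[kwargs.get("NextToken")]


if __name__ == "__main__":
    print(audit_document_sharing(StubSSM(), "Example", trusted_accounts={"111122223333"}))
```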