PutResourcePolicy - Amazon Managed Service for Prometheus
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

PutResourcePolicy

Creates or updates a resource-based policy for an Amazon Managed Service for Prometheus workspace. Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.

Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see Prometheus-compatible APIs in the Amazon Managed Service for Prometheus User Guide.

If your workspace uses customer-managed KMS keys for encryption, you must grant the principals in your resource-based policy access to those KMS keys. You can do this by creating KMS grants. For more information, see CreateGrant in the AWS Key Management Service API Reference and Encryption at rest in the Amazon Managed Service for Prometheus User Guide.

For more information about working with IAM, see Using Amazon Managed Service for Prometheus with IAM in the Amazon Managed Service for Prometheus User Guide.

Request Syntax

PUT /workspaces/workspaceId/policy HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "policyDocument": "string",
   "revisionId": "string"
}

URI Request Parameters

The request uses the following URI parameters.

workspaceId

The ID of the workspace to attach the resource-based policy to.

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: .*[0-9A-Za-z][-.0-9A-Z_a-z]*.*

Required: Yes

Request Body

The request accepts the following data in JSON format.

clientToken

A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [!-~]+

Required: No

policyDocument

The JSON policy document to use as the resource-based policy. This policy defines the permissions that other AWS accounts or services have to access your workspace.

Type: String

Required: Yes

revisionId

The revision ID of the policy to update. Use this parameter to ensure that you are updating the correct version of the policy. If you don't specify a revision ID, the policy is updated regardless of its current revision.

For the first PUT request on a workspace that doesn't have an existing resource policy, you can specify NO_POLICY as the revision ID.

Type: String

Required: No

Response Syntax

HTTP/1.1 202
Content-type: application/json

{
   "policyStatus": "string",
   "revisionId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.

policyStatus

The current status of the resource-based policy.

Type: String

Valid Values: CREATING | ACTIVE | UPDATING | DELETING

revisionId

The revision ID of the newly created or updated resource-based policy.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

The request would cause an inconsistent state.

HTTP Status Code: 409

InternalServerException

An unexpected error occurred during the processing of the request.

HTTP Status Code: 500

ResourceNotFoundException

The request references a resources that doesn't exist.

HTTP Status Code: 404

ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 429

ValidationException

The input fails to satisfy the constraints specified by an AWS service.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: