This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::APS::ResourcePolicy
Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.
Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see Prometheus-compatible APIs in the Amazon Managed Service for Prometheus User Guide.
If your workspace uses customer-managed AWS KMS keys for encryption, you must grant the principals in your resource-based policy access to those AWS KMS keys. You can do this by creating AWS KMS grants. For more information, see CreateGrant in the AWS KMS API Reference and Encryption at rest in the Amazon Managed Service for Prometheus User Guide.
For more information about working with IAM, see Using Amazon Managed Service for Prometheus with IAM in the Amazon Managed Service for Prometheus User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::APS::ResourcePolicy", "Properties" : { "PolicyDocument" :String, "WorkspaceArn" :String} }
YAML
Type: AWS::APS::ResourcePolicy Properties: PolicyDocument:StringWorkspaceArn:String
Properties
PolicyDocument-
The JSON to use as the Resource-based Policy.
Required: Yes
Type: String
Update requires: No interruption
WorkspaceArn-
An ARN identifying a Workspace.
Required: Yes
Type: String
Pattern:
^arn:(aws|aws-us-gov|aws-cn):aps:[a-z0-9-]+:[0-9]+:workspace/[a-zA-Z0-9-]+$Update requires: Replacement
Return values
Ref
