aws-sdk-ram 1.41.0 → 1.43.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-ram/client.rb +1020 -87
- data/lib/aws-sdk-ram/client_api.rb +338 -2
- data/lib/aws-sdk-ram/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-ram/endpoint_provider.rb +41 -110
- data/lib/aws-sdk-ram/endpoints.rb +126 -0
- data/lib/aws-sdk-ram/errors.rb +96 -0
- data/lib/aws-sdk-ram/plugins/endpoints.rb +18 -0
- data/lib/aws-sdk-ram/types.rb +1428 -173
- data/lib/aws-sdk-ram.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-ram/client.rb
CHANGED
@@ -374,7 +374,7 @@ module Aws::RAM
|
|
374
374
|
# relevant Amazon Web Services Management Consoles and tools.
|
375
375
|
#
|
376
376
|
# @option params [required, String] :resource_share_invitation_arn
|
377
|
-
# The [Amazon
|
377
|
+
# The [Amazon Resource Name (ARN)][1] of the invitation that you want to
|
378
378
|
# accept.
|
379
379
|
#
|
380
380
|
#
|
@@ -392,6 +392,10 @@ module Aws::RAM
|
|
392
392
|
# If you don't provide this value, then Amazon Web Services generates a
|
393
393
|
# random one for you.
|
394
394
|
#
|
395
|
+
# If you retry the operation with the same `ClientToken`, but with
|
396
|
+
# different parameters, the retry fails with an
|
397
|
+
# `IdempotentParameterMismatch` error.
|
398
|
+
#
|
395
399
|
#
|
396
400
|
#
|
397
401
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -446,7 +450,7 @@ module Aws::RAM
|
|
446
450
|
# resource share.
|
447
451
|
#
|
448
452
|
# @option params [required, String] :resource_share_arn
|
449
|
-
# Specifies the [Amazon
|
453
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share
|
450
454
|
# that you want to add principals or resources to.
|
451
455
|
#
|
452
456
|
#
|
@@ -474,7 +478,7 @@ module Aws::RAM
|
|
474
478
|
#
|
475
479
|
# * An Amazon Web Services account ID, for example: `123456789012`
|
476
480
|
#
|
477
|
-
# * An [Amazon
|
481
|
+
# * An [Amazon Resource Name (ARN)][1] of an organization in
|
478
482
|
# Organizations, for example:
|
479
483
|
# `organizations::123456789012:organization/o-exampleorgid`
|
480
484
|
#
|
@@ -508,6 +512,10 @@ module Aws::RAM
|
|
508
512
|
# If you don't provide this value, then Amazon Web Services generates a
|
509
513
|
# random one for you.
|
510
514
|
#
|
515
|
+
# If you retry the operation with the same `ClientToken`, but with
|
516
|
+
# different parameters, the retry fails with an
|
517
|
+
# `IdempotentParameterMismatch` error.
|
518
|
+
#
|
511
519
|
#
|
512
520
|
#
|
513
521
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -556,7 +564,7 @@ module Aws::RAM
|
|
556
564
|
# type currently in the resource share.
|
557
565
|
#
|
558
566
|
# @option params [required, String] :resource_share_arn
|
559
|
-
# Specifies the [Amazon
|
567
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share to
|
560
568
|
# which you want to add or replace permissions.
|
561
569
|
#
|
562
570
|
#
|
@@ -564,7 +572,7 @@ module Aws::RAM
|
|
564
572
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
565
573
|
#
|
566
574
|
# @option params [required, String] :permission_arn
|
567
|
-
# Specifies the [Amazon
|
575
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the RAM permission to
|
568
576
|
# associate with the resource share. To find the ARN for a permission,
|
569
577
|
# use either the ListPermissions operation or go to the [Permissions
|
570
578
|
# library][2] page in the RAM console and then choose the name of the
|
@@ -576,10 +584,11 @@ module Aws::RAM
|
|
576
584
|
# [2]: https://console.aws.amazon.com/ram/home#Permissions:
|
577
585
|
#
|
578
586
|
# @option params [Boolean] :replace
|
579
|
-
# Specifies whether the specified permission should replace
|
580
|
-
#
|
581
|
-
#
|
582
|
-
#
|
587
|
+
# Specifies whether the specified permission should replace the existing
|
588
|
+
# permission associated with the resource share. Use `true` to replace
|
589
|
+
# the current permissions. Use `false` to add the permission to a
|
590
|
+
# resource share that currently doesn't have a permission. The default
|
591
|
+
# value is `false`.
|
583
592
|
#
|
584
593
|
# <note markdown="1"> A resource share can have only one permission per resource type. If a
|
585
594
|
# resource share already has a permission for the specified resource
|
@@ -599,16 +608,27 @@ module Aws::RAM
|
|
599
608
|
# If you don't provide this value, then Amazon Web Services generates a
|
600
609
|
# random one for you.
|
601
610
|
#
|
611
|
+
# If you retry the operation with the same `ClientToken`, but with
|
612
|
+
# different parameters, the retry fails with an
|
613
|
+
# `IdempotentParameterMismatch` error.
|
614
|
+
#
|
602
615
|
#
|
603
616
|
#
|
604
617
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
605
618
|
#
|
606
619
|
# @option params [Integer] :permission_version
|
607
620
|
# Specifies the version of the RAM permission to associate with the
|
608
|
-
# resource share.
|
609
|
-
#
|
610
|
-
#
|
611
|
-
#
|
621
|
+
# resource share. You can specify *only* the version that is currently
|
622
|
+
# set as the default version for the permission. If you also set the
|
623
|
+
# `replace` pararameter to `true`, then this operation updates an
|
624
|
+
# outdated version of the permission to the current default version.
|
625
|
+
#
|
626
|
+
# <note markdown="1"> You don't need to specify this parameter because the default behavior
|
627
|
+
# is to use the version that is currently set as the default version for
|
628
|
+
# the permission. This parameter is supported for backwards
|
629
|
+
# compatibility.
|
630
|
+
#
|
631
|
+
# </note>
|
612
632
|
#
|
613
633
|
# @return [Types::AssociateResourceSharePermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
614
634
|
#
|
@@ -639,6 +659,234 @@ module Aws::RAM
|
|
639
659
|
req.send_request(options)
|
640
660
|
end
|
641
661
|
|
662
|
+
# Creates a customer managed permission for a specified resource type
|
663
|
+
# that you can attach to resource shares. It is created in the Amazon
|
664
|
+
# Web Services Region in which you call the operation.
|
665
|
+
#
|
666
|
+
# @option params [required, String] :name
|
667
|
+
# Specifies the name of the customer managed permission. The name must
|
668
|
+
# be unique within the Amazon Web Services Region.
|
669
|
+
#
|
670
|
+
# @option params [required, String] :resource_type
|
671
|
+
# Specifies the name of the resource type that this customer managed
|
672
|
+
# permission applies to.
|
673
|
+
#
|
674
|
+
# The format is ` <service-code>:<resource-type> ` and is not case
|
675
|
+
# sensitive. For example, to specify an Amazon EC2 Subnet, you can use
|
676
|
+
# the string `ec2:subnet`. To see the list of valid values for this
|
677
|
+
# parameter, query the ListResourceTypes operation.
|
678
|
+
#
|
679
|
+
# @option params [required, String] :policy_template
|
680
|
+
# A string in JSON format string that contains the following elements of
|
681
|
+
# a resource-based policy:
|
682
|
+
#
|
683
|
+
# * **Effect**: must be set to `ALLOW`.
|
684
|
+
#
|
685
|
+
# * **Action**: specifies the actions that are allowed by this customer
|
686
|
+
# managed permission. The list must contain only actions that are
|
687
|
+
# supported by the specified resource type. For a list of all actions
|
688
|
+
# supported by each resource type, see [Actions, resources, and
|
689
|
+
# condition keys for Amazon Web Services services][1] in the *Identity
|
690
|
+
# and Access Management User Guide*.
|
691
|
+
#
|
692
|
+
# * **Condition**: (optional) specifies conditional parameters that must
|
693
|
+
# evaluate to true when a user attempts an action for that action to
|
694
|
+
# be allowed. For more information about the Condition element, see
|
695
|
+
# [IAM policies: Condition element][2] in the *Identity and Access
|
696
|
+
# Management User Guide*.
|
697
|
+
#
|
698
|
+
# This template can't include either the `Resource` or `Principal`
|
699
|
+
# elements. Those are both filled in by RAM when it instantiates the
|
700
|
+
# resource-based policy on each resource shared using this managed
|
701
|
+
# permission. The `Resource` comes from the ARN of the specific resource
|
702
|
+
# that you are sharing. The `Principal` comes from the list of
|
703
|
+
# identities added to the resource share.
|
704
|
+
#
|
705
|
+
#
|
706
|
+
#
|
707
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
|
708
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
|
709
|
+
#
|
710
|
+
# @option params [String] :client_token
|
711
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
712
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
713
|
+
# request without accidentally performing the same operation a second
|
714
|
+
# time. Passing the same value to a later call to an operation requires
|
715
|
+
# that you also pass the same value for all other parameters. We
|
716
|
+
# recommend that you use a [UUID type of value.][1].
|
717
|
+
#
|
718
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
719
|
+
# random one for you.
|
720
|
+
#
|
721
|
+
# If you retry the operation with the same `ClientToken`, but with
|
722
|
+
# different parameters, the retry fails with an
|
723
|
+
# `IdempotentParameterMismatch` error.
|
724
|
+
#
|
725
|
+
#
|
726
|
+
#
|
727
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
728
|
+
#
|
729
|
+
# @option params [Array<Types::Tag>] :tags
|
730
|
+
# Specifies a list of one or more tag key and value pairs to attach to
|
731
|
+
# the permission.
|
732
|
+
#
|
733
|
+
# @return [Types::CreatePermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
734
|
+
#
|
735
|
+
# * {Types::CreatePermissionResponse#permission #permission} => Types::ResourceSharePermissionSummary
|
736
|
+
# * {Types::CreatePermissionResponse#client_token #client_token} => String
|
737
|
+
#
|
738
|
+
# @example Request syntax with placeholder values
|
739
|
+
#
|
740
|
+
# resp = client.create_permission({
|
741
|
+
# name: "PermissionName", # required
|
742
|
+
# resource_type: "String", # required
|
743
|
+
# policy_template: "Policy", # required
|
744
|
+
# client_token: "String",
|
745
|
+
# tags: [
|
746
|
+
# {
|
747
|
+
# key: "TagKey",
|
748
|
+
# value: "TagValue",
|
749
|
+
# },
|
750
|
+
# ],
|
751
|
+
# })
|
752
|
+
#
|
753
|
+
# @example Response structure
|
754
|
+
#
|
755
|
+
# resp.permission.arn #=> String
|
756
|
+
# resp.permission.version #=> String
|
757
|
+
# resp.permission.default_version #=> Boolean
|
758
|
+
# resp.permission.name #=> String
|
759
|
+
# resp.permission.resource_type #=> String
|
760
|
+
# resp.permission.status #=> String
|
761
|
+
# resp.permission.creation_time #=> Time
|
762
|
+
# resp.permission.last_updated_time #=> Time
|
763
|
+
# resp.permission.is_resource_type_default #=> Boolean
|
764
|
+
# resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
765
|
+
# resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
766
|
+
# resp.permission.tags #=> Array
|
767
|
+
# resp.permission.tags[0].key #=> String
|
768
|
+
# resp.permission.tags[0].value #=> String
|
769
|
+
# resp.client_token #=> String
|
770
|
+
#
|
771
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermission AWS API Documentation
|
772
|
+
#
|
773
|
+
# @overload create_permission(params = {})
|
774
|
+
# @param [Hash] params ({})
|
775
|
+
def create_permission(params = {}, options = {})
|
776
|
+
req = build_request(:create_permission, params)
|
777
|
+
req.send_request(options)
|
778
|
+
end
|
779
|
+
|
780
|
+
# Creates a new version of the specified customer managed permission.
|
781
|
+
# The new version is automatically set as the default version of the
|
782
|
+
# customer managed permission. New resource shares automatically use the
|
783
|
+
# default permission. Existing resource shares continue to use their
|
784
|
+
# original permission versions, but you can use
|
785
|
+
# ReplacePermissionAssociations to update them.
|
786
|
+
#
|
787
|
+
# If the specified customer managed permission already has the maximum
|
788
|
+
# of 5 versions, then you must delete one of the existing versions
|
789
|
+
# before you can create a new one.
|
790
|
+
#
|
791
|
+
# @option params [required, String] :permission_arn
|
792
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the customer managed
|
793
|
+
# permission you're creating a new version for.
|
794
|
+
#
|
795
|
+
#
|
796
|
+
#
|
797
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
798
|
+
#
|
799
|
+
# @option params [required, String] :policy_template
|
800
|
+
# A string in JSON format string that contains the following elements of
|
801
|
+
# a resource-based policy:
|
802
|
+
#
|
803
|
+
# * **Effect**: must be set to `ALLOW`.
|
804
|
+
#
|
805
|
+
# * **Action**: specifies the actions that are allowed by this customer
|
806
|
+
# managed permission. The list must contain only actions that are
|
807
|
+
# supported by the specified resource type. For a list of all actions
|
808
|
+
# supported by each resource type, see [Actions, resources, and
|
809
|
+
# condition keys for Amazon Web Services services][1] in the *Identity
|
810
|
+
# and Access Management User Guide*.
|
811
|
+
#
|
812
|
+
# * **Condition**: (optional) specifies conditional parameters that must
|
813
|
+
# evaluate to true when a user attempts an action for that action to
|
814
|
+
# be allowed. For more information about the Condition element, see
|
815
|
+
# [IAM policies: Condition element][2] in the *Identity and Access
|
816
|
+
# Management User Guide*.
|
817
|
+
#
|
818
|
+
# This template can't include either the `Resource` or `Principal`
|
819
|
+
# elements. Those are both filled in by RAM when it instantiates the
|
820
|
+
# resource-based policy on each resource shared using this managed
|
821
|
+
# permission. The `Resource` comes from the ARN of the specific resource
|
822
|
+
# that you are sharing. The `Principal` comes from the list of
|
823
|
+
# identities added to the resource share.
|
824
|
+
#
|
825
|
+
#
|
826
|
+
#
|
827
|
+
# [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
|
828
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
|
829
|
+
#
|
830
|
+
# @option params [String] :client_token
|
831
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
832
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
833
|
+
# request without accidentally performing the same operation a second
|
834
|
+
# time. Passing the same value to a later call to an operation requires
|
835
|
+
# that you also pass the same value for all other parameters. We
|
836
|
+
# recommend that you use a [UUID type of value.][1].
|
837
|
+
#
|
838
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
839
|
+
# random one for you.
|
840
|
+
#
|
841
|
+
# If you retry the operation with the same `ClientToken`, but with
|
842
|
+
# different parameters, the retry fails with an
|
843
|
+
# `IdempotentParameterMismatch` error.
|
844
|
+
#
|
845
|
+
#
|
846
|
+
#
|
847
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
848
|
+
#
|
849
|
+
# @return [Types::CreatePermissionVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
850
|
+
#
|
851
|
+
# * {Types::CreatePermissionVersionResponse#permission #permission} => Types::ResourceSharePermissionDetail
|
852
|
+
# * {Types::CreatePermissionVersionResponse#client_token #client_token} => String
|
853
|
+
#
|
854
|
+
# @example Request syntax with placeholder values
|
855
|
+
#
|
856
|
+
# resp = client.create_permission_version({
|
857
|
+
# permission_arn: "String", # required
|
858
|
+
# policy_template: "Policy", # required
|
859
|
+
# client_token: "String",
|
860
|
+
# })
|
861
|
+
#
|
862
|
+
# @example Response structure
|
863
|
+
#
|
864
|
+
# resp.permission.arn #=> String
|
865
|
+
# resp.permission.version #=> String
|
866
|
+
# resp.permission.default_version #=> Boolean
|
867
|
+
# resp.permission.name #=> String
|
868
|
+
# resp.permission.resource_type #=> String
|
869
|
+
# resp.permission.permission #=> String
|
870
|
+
# resp.permission.creation_time #=> Time
|
871
|
+
# resp.permission.last_updated_time #=> Time
|
872
|
+
# resp.permission.is_resource_type_default #=> Boolean
|
873
|
+
# resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
874
|
+
# resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
875
|
+
# resp.permission.status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
|
876
|
+
# resp.permission.tags #=> Array
|
877
|
+
# resp.permission.tags[0].key #=> String
|
878
|
+
# resp.permission.tags[0].value #=> String
|
879
|
+
# resp.client_token #=> String
|
880
|
+
#
|
881
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermissionVersion AWS API Documentation
|
882
|
+
#
|
883
|
+
# @overload create_permission_version(params = {})
|
884
|
+
# @param [Hash] params ({})
|
885
|
+
def create_permission_version(params = {}, options = {})
|
886
|
+
req = build_request(:create_permission_version, params)
|
887
|
+
req.send_request(options)
|
888
|
+
end
|
889
|
+
|
642
890
|
# Creates a resource share. You can provide a list of the [Amazon
|
643
891
|
# Resource Names (ARNs)][1] for the resources that you want to share, a
|
644
892
|
# list of principals you want to share the resources with, and the
|
@@ -670,7 +918,7 @@ module Aws::RAM
|
|
670
918
|
#
|
671
919
|
# * An Amazon Web Services account ID, for example: `123456789012`
|
672
920
|
#
|
673
|
-
# * An [Amazon
|
921
|
+
# * An [Amazon Resource Name (ARN)][1] of an organization in
|
674
922
|
# Organizations, for example:
|
675
923
|
# `organizations::123456789012:organization/o-exampleorgid`
|
676
924
|
#
|
@@ -717,6 +965,10 @@ module Aws::RAM
|
|
717
965
|
# If you don't provide this value, then Amazon Web Services generates a
|
718
966
|
# random one for you.
|
719
967
|
#
|
968
|
+
# If you retry the operation with the same `ClientToken`, but with
|
969
|
+
# different parameters, the retry fails with an
|
970
|
+
# `IdempotentParameterMismatch` error.
|
971
|
+
#
|
720
972
|
#
|
721
973
|
#
|
722
974
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -779,13 +1031,155 @@ module Aws::RAM
|
|
779
1031
|
req.send_request(options)
|
780
1032
|
end
|
781
1033
|
|
782
|
-
# Deletes the specified
|
783
|
-
#
|
784
|
-
#
|
785
|
-
#
|
1034
|
+
# Deletes the specified customer managed permission in the Amazon Web
|
1035
|
+
# Services Region in which you call this operation. You can delete a
|
1036
|
+
# customer managed permission only if it isn't attached to any resource
|
1037
|
+
# share. The operation deletes all versions associated with the customer
|
1038
|
+
# managed permission.
|
1039
|
+
#
|
1040
|
+
# @option params [required, String] :permission_arn
|
1041
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the customer managed
|
1042
|
+
# permission that you want to delete.
|
1043
|
+
#
|
1044
|
+
#
|
1045
|
+
#
|
1046
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1047
|
+
#
|
1048
|
+
# @option params [String] :client_token
|
1049
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
1050
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
1051
|
+
# request without accidentally performing the same operation a second
|
1052
|
+
# time. Passing the same value to a later call to an operation requires
|
1053
|
+
# that you also pass the same value for all other parameters. We
|
1054
|
+
# recommend that you use a [UUID type of value.][1].
|
1055
|
+
#
|
1056
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
1057
|
+
# random one for you.
|
1058
|
+
#
|
1059
|
+
# If you retry the operation with the same `ClientToken`, but with
|
1060
|
+
# different parameters, the retry fails with an
|
1061
|
+
# `IdempotentParameterMismatch` error.
|
1062
|
+
#
|
1063
|
+
#
|
1064
|
+
#
|
1065
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
1066
|
+
#
|
1067
|
+
# @return [Types::DeletePermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1068
|
+
#
|
1069
|
+
# * {Types::DeletePermissionResponse#return_value #return_value} => Boolean
|
1070
|
+
# * {Types::DeletePermissionResponse#client_token #client_token} => String
|
1071
|
+
# * {Types::DeletePermissionResponse#permission_status #permission_status} => String
|
1072
|
+
#
|
1073
|
+
# @example Request syntax with placeholder values
|
1074
|
+
#
|
1075
|
+
# resp = client.delete_permission({
|
1076
|
+
# permission_arn: "String", # required
|
1077
|
+
# client_token: "String",
|
1078
|
+
# })
|
1079
|
+
#
|
1080
|
+
# @example Response structure
|
1081
|
+
#
|
1082
|
+
# resp.return_value #=> Boolean
|
1083
|
+
# resp.client_token #=> String
|
1084
|
+
# resp.permission_status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
|
1085
|
+
#
|
1086
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermission AWS API Documentation
|
1087
|
+
#
|
1088
|
+
# @overload delete_permission(params = {})
|
1089
|
+
# @param [Hash] params ({})
|
1090
|
+
def delete_permission(params = {}, options = {})
|
1091
|
+
req = build_request(:delete_permission, params)
|
1092
|
+
req.send_request(options)
|
1093
|
+
end
|
1094
|
+
|
1095
|
+
# Deletes one version of a customer managed permission. The version you
|
1096
|
+
# specify must not be attached to any resource share and must not be the
|
1097
|
+
# default version for the permission.
|
1098
|
+
#
|
1099
|
+
# If a customer managed permission has the maximum of 5 versions, then
|
1100
|
+
# you must delete at least one version before you can create another.
|
1101
|
+
#
|
1102
|
+
# @option params [required, String] :permission_arn
|
1103
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the permission with
|
1104
|
+
# the version you want to delete.
|
1105
|
+
#
|
1106
|
+
#
|
1107
|
+
#
|
1108
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1109
|
+
#
|
1110
|
+
# @option params [required, Integer] :permission_version
|
1111
|
+
# Specifies the version number to delete.
|
1112
|
+
#
|
1113
|
+
# You can't delete the default version for a customer managed
|
1114
|
+
# permission.
|
1115
|
+
#
|
1116
|
+
# You can't delete a version if it's the only version of the
|
1117
|
+
# permission. You must either first create another version, or delete
|
1118
|
+
# the permission completely.
|
1119
|
+
#
|
1120
|
+
# You can't delete a version if it is attached to any resource shares.
|
1121
|
+
# If the version is the default, you must first use
|
1122
|
+
# SetDefaultPermissionVersion to set a different version as the default
|
1123
|
+
# for the customer managed permission, and then use
|
1124
|
+
# AssociateResourceSharePermission to update your resource shares to use
|
1125
|
+
# the new default version.
|
1126
|
+
#
|
1127
|
+
# @option params [String] :client_token
|
1128
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
1129
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
1130
|
+
# request without accidentally performing the same operation a second
|
1131
|
+
# time. Passing the same value to a later call to an operation requires
|
1132
|
+
# that you also pass the same value for all other parameters. We
|
1133
|
+
# recommend that you use a [UUID type of value.][1].
|
1134
|
+
#
|
1135
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
1136
|
+
# random one for you.
|
1137
|
+
#
|
1138
|
+
# If you retry the operation with the same `ClientToken`, but with
|
1139
|
+
# different parameters, the retry fails with an
|
1140
|
+
# `IdempotentParameterMismatch` error.
|
1141
|
+
#
|
1142
|
+
#
|
1143
|
+
#
|
1144
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
1145
|
+
#
|
1146
|
+
# @return [Types::DeletePermissionVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1147
|
+
#
|
1148
|
+
# * {Types::DeletePermissionVersionResponse#return_value #return_value} => Boolean
|
1149
|
+
# * {Types::DeletePermissionVersionResponse#client_token #client_token} => String
|
1150
|
+
# * {Types::DeletePermissionVersionResponse#permission_status #permission_status} => String
|
1151
|
+
#
|
1152
|
+
# @example Request syntax with placeholder values
|
1153
|
+
#
|
1154
|
+
# resp = client.delete_permission_version({
|
1155
|
+
# permission_arn: "String", # required
|
1156
|
+
# permission_version: 1, # required
|
1157
|
+
# client_token: "String",
|
1158
|
+
# })
|
1159
|
+
#
|
1160
|
+
# @example Response structure
|
1161
|
+
#
|
1162
|
+
# resp.return_value #=> Boolean
|
1163
|
+
# resp.client_token #=> String
|
1164
|
+
# resp.permission_status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
|
1165
|
+
#
|
1166
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermissionVersion AWS API Documentation
|
1167
|
+
#
|
1168
|
+
# @overload delete_permission_version(params = {})
|
1169
|
+
# @param [Hash] params ({})
|
1170
|
+
def delete_permission_version(params = {}, options = {})
|
1171
|
+
req = build_request(:delete_permission_version, params)
|
1172
|
+
req.send_request(options)
|
1173
|
+
end
|
1174
|
+
|
1175
|
+
# Deletes the specified resource share.
|
1176
|
+
#
|
1177
|
+
# This doesn't delete any of the resources that were associated with
|
1178
|
+
# the resource share; it only stops the sharing of those resources
|
1179
|
+
# through this resource share.
|
786
1180
|
#
|
787
1181
|
# @option params [required, String] :resource_share_arn
|
788
|
-
# Specifies the [Amazon
|
1182
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share to
|
789
1183
|
# delete.
|
790
1184
|
#
|
791
1185
|
#
|
@@ -803,6 +1197,10 @@ module Aws::RAM
|
|
803
1197
|
# If you don't provide this value, then Amazon Web Services generates a
|
804
1198
|
# random one for you.
|
805
1199
|
#
|
1200
|
+
# If you retry the operation with the same `ClientToken`, but with
|
1201
|
+
# different parameters, the retry fails with an
|
1202
|
+
# `IdempotentParameterMismatch` error.
|
1203
|
+
#
|
806
1204
|
#
|
807
1205
|
#
|
808
1206
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -833,12 +1231,12 @@ module Aws::RAM
|
|
833
1231
|
req.send_request(options)
|
834
1232
|
end
|
835
1233
|
|
836
|
-
#
|
837
|
-
# resource share.
|
1234
|
+
# Removes the specified principals or resources from participating in
|
1235
|
+
# the specified resource share.
|
838
1236
|
#
|
839
1237
|
# @option params [required, String] :resource_share_arn
|
840
|
-
# Specifies [Amazon
|
841
|
-
# you want to remove resources from.
|
1238
|
+
# Specifies [Amazon Resource Name (ARN)][1] of the resource share that
|
1239
|
+
# you want to remove resources or principals from.
|
842
1240
|
#
|
843
1241
|
#
|
844
1242
|
#
|
@@ -848,7 +1246,7 @@ module Aws::RAM
|
|
848
1246
|
# Specifies a list of [Amazon Resource Names (ARNs)][1] for one or more
|
849
1247
|
# resources that you want to remove from the resource share. After the
|
850
1248
|
# operation runs, these resources are no longer shared with principals
|
851
|
-
#
|
1249
|
+
# associated with the resource share.
|
852
1250
|
#
|
853
1251
|
#
|
854
1252
|
#
|
@@ -862,7 +1260,7 @@ module Aws::RAM
|
|
862
1260
|
#
|
863
1261
|
# * An Amazon Web Services account ID, for example: `123456789012`
|
864
1262
|
#
|
865
|
-
# * An [Amazon
|
1263
|
+
# * An [Amazon Resource Name (ARN)][1] of an organization in
|
866
1264
|
# Organizations, for example:
|
867
1265
|
# `organizations::123456789012:organization/o-exampleorgid`
|
868
1266
|
#
|
@@ -896,6 +1294,10 @@ module Aws::RAM
|
|
896
1294
|
# If you don't provide this value, then Amazon Web Services generates a
|
897
1295
|
# random one for you.
|
898
1296
|
#
|
1297
|
+
# If you retry the operation with the same `ClientToken`, but with
|
1298
|
+
# different parameters, the retry fails with an
|
1299
|
+
# `IdempotentParameterMismatch` error.
|
1300
|
+
#
|
899
1301
|
#
|
900
1302
|
#
|
901
1303
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -937,23 +1339,23 @@ module Aws::RAM
|
|
937
1339
|
req.send_request(options)
|
938
1340
|
end
|
939
1341
|
|
940
|
-
#
|
941
|
-
#
|
942
|
-
#
|
1342
|
+
# Removes a managed permission from a resource share. Permission changes
|
1343
|
+
# take effect immediately. You can remove a managed permission from a
|
1344
|
+
# resource share only if there are currently no resources of the
|
943
1345
|
# relevant resource type currently attached to the resource share.
|
944
1346
|
#
|
945
1347
|
# @option params [required, String] :resource_share_arn
|
946
|
-
# The [Amazon
|
947
|
-
#
|
1348
|
+
# The [Amazon Resource Name (ARN)][1] of the resource share that you
|
1349
|
+
# want to remove the managed permission from.
|
948
1350
|
#
|
949
1351
|
#
|
950
1352
|
#
|
951
1353
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
952
1354
|
#
|
953
1355
|
# @option params [required, String] :permission_arn
|
954
|
-
# The [Amazon
|
955
|
-
# from the resource share. Changes to permissions take
|
956
|
-
# immediately.
|
1356
|
+
# The [Amazon Resource Name (ARN)][1] of the managed permission to
|
1357
|
+
# disassociate from the resource share. Changes to permissions take
|
1358
|
+
# effect immediately.
|
957
1359
|
#
|
958
1360
|
#
|
959
1361
|
#
|
@@ -970,6 +1372,10 @@ module Aws::RAM
|
|
970
1372
|
# If you don't provide this value, then Amazon Web Services generates a
|
971
1373
|
# random one for you.
|
972
1374
|
#
|
1375
|
+
# If you retry the operation with the same `ClientToken`, but with
|
1376
|
+
# different parameters, the retry fails with an
|
1377
|
+
# `IdempotentParameterMismatch` error.
|
1378
|
+
#
|
973
1379
|
#
|
974
1380
|
#
|
975
1381
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -1002,15 +1408,18 @@ module Aws::RAM
|
|
1002
1408
|
end
|
1003
1409
|
|
1004
1410
|
# Enables resource sharing within your organization in Organizations.
|
1005
|
-
#
|
1006
|
-
#
|
1007
|
-
#
|
1411
|
+
# This operation creates a service-linked role called
|
1412
|
+
# `AWSServiceRoleForResourceAccessManager` that has the IAM managed
|
1413
|
+
# policy named AWSResourceAccessManagerServiceRolePolicy attached. This
|
1414
|
+
# role permits RAM to retrieve information about the organization and
|
1415
|
+
# its structure. This lets you share resources with all of the accounts
|
1416
|
+
# in the calling account's organization by specifying the organization
|
1008
1417
|
# ID, or all of the accounts in an organizational unit (OU) by
|
1009
|
-
# specifying the OU
|
1418
|
+
# specifying the OU ID. Until you enable sharing within the
|
1010
1419
|
# organization, you can specify only individual Amazon Web Services
|
1011
|
-
# accounts, or for supported resource types, IAM
|
1420
|
+
# accounts, or for supported resource types, IAM roles and users.
|
1012
1421
|
#
|
1013
|
-
# You must call this operation from an IAM
|
1422
|
+
# You must call this operation from an IAM role or user in the
|
1014
1423
|
# organization's management account.
|
1015
1424
|
#
|
1016
1425
|
# @return [Types::EnableSharingWithAwsOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -1030,10 +1439,10 @@ module Aws::RAM
|
|
1030
1439
|
req.send_request(options)
|
1031
1440
|
end
|
1032
1441
|
|
1033
|
-
#
|
1442
|
+
# Retrieves the contents of a managed permission in JSON format.
|
1034
1443
|
#
|
1035
1444
|
# @option params [required, String] :permission_arn
|
1036
|
-
# Specifies the [Amazon
|
1445
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the permission whose
|
1037
1446
|
# contents you want to retrieve. To find the ARN for a permission, use
|
1038
1447
|
# either the ListPermissions operation or go to the [Permissions
|
1039
1448
|
# library][2] page in the RAM console and then choose the name of the
|
@@ -1045,9 +1454,11 @@ module Aws::RAM
|
|
1045
1454
|
# [2]: https://console.aws.amazon.com/ram/home#Permissions:
|
1046
1455
|
#
|
1047
1456
|
# @option params [Integer] :permission_version
|
1048
|
-
# Specifies
|
1049
|
-
#
|
1050
|
-
#
|
1457
|
+
# Specifies the version number of the RAM permission to retrieve. If you
|
1458
|
+
# don't specify this parameter, the operation retrieves the default
|
1459
|
+
# version.
|
1460
|
+
#
|
1461
|
+
# To see the list of available versions, use ListPermissionVersions.
|
1051
1462
|
#
|
1052
1463
|
# @return [Types::GetPermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1053
1464
|
#
|
@@ -1071,6 +1482,12 @@ module Aws::RAM
|
|
1071
1482
|
# resp.permission.creation_time #=> Time
|
1072
1483
|
# resp.permission.last_updated_time #=> Time
|
1073
1484
|
# resp.permission.is_resource_type_default #=> Boolean
|
1485
|
+
# resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
1486
|
+
# resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
1487
|
+
# resp.permission.status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
|
1488
|
+
# resp.permission.tags #=> Array
|
1489
|
+
# resp.permission.tags[0].key #=> String
|
1490
|
+
# resp.permission.tags[0].value #=> String
|
1074
1491
|
#
|
1075
1492
|
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetPermission AWS API Documentation
|
1076
1493
|
#
|
@@ -1145,18 +1562,17 @@ module Aws::RAM
|
|
1145
1562
|
req.send_request(options)
|
1146
1563
|
end
|
1147
1564
|
|
1148
|
-
# Retrieves the
|
1149
|
-
# that you own.
|
1565
|
+
# Retrieves the lists of resources and principals that associated for
|
1566
|
+
# resource shares that you own.
|
1150
1567
|
#
|
1151
1568
|
# @option params [required, String] :association_type
|
1152
1569
|
# Specifies whether you want to retrieve the associations that involve a
|
1153
1570
|
# specified resource or principal.
|
1154
1571
|
#
|
1155
|
-
# * `PRINCIPAL` – list the principals
|
1156
|
-
#
|
1572
|
+
# * `PRINCIPAL` – list the principals whose associations you want to
|
1573
|
+
# see.
|
1157
1574
|
#
|
1158
|
-
# * `RESOURCE` – list the resources
|
1159
|
-
# specified resource share.
|
1575
|
+
# * `RESOURCE` – list the resources whose associations you want to see.
|
1160
1576
|
#
|
1161
1577
|
# @option params [Array<String>] :resource_share_arns
|
1162
1578
|
# Specifies a list of [Amazon Resource Names (ARNs)][1] of the resource
|
@@ -1167,7 +1583,7 @@ module Aws::RAM
|
|
1167
1583
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1168
1584
|
#
|
1169
1585
|
# @option params [String] :resource_arn
|
1170
|
-
# Specifies the [Amazon
|
1586
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of a resource whose
|
1171
1587
|
# resource shares you want to retrieve.
|
1172
1588
|
#
|
1173
1589
|
# You cannot specify this parameter if the association type is
|
@@ -1180,7 +1596,7 @@ module Aws::RAM
|
|
1180
1596
|
# @option params [String] :principal
|
1181
1597
|
# Specifies the ID of the principal whose resource shares you want to
|
1182
1598
|
# retrieve. This can be an Amazon Web Services account ID, an
|
1183
|
-
# organization ID, an organizational unit ID, or the [Amazon
|
1599
|
+
# organization ID, an organizational unit ID, or the [Amazon Resource
|
1184
1600
|
# Name (ARN)][1] of an individual IAM user or role.
|
1185
1601
|
#
|
1186
1602
|
# You cannot specify this parameter if the association type is
|
@@ -1191,7 +1607,7 @@ module Aws::RAM
|
|
1191
1607
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1192
1608
|
#
|
1193
1609
|
# @option params [String] :association_status
|
1194
|
-
# Specifies that you want to retrieve only associations
|
1610
|
+
# Specifies that you want to retrieve only associations that have this
|
1195
1611
|
# status.
|
1196
1612
|
#
|
1197
1613
|
# @option params [String] :next_token
|
@@ -1396,13 +1812,17 @@ module Aws::RAM
|
|
1396
1812
|
#
|
1397
1813
|
# @option params [String] :permission_arn
|
1398
1814
|
# Specifies that you want to retrieve details of only those resource
|
1399
|
-
# shares that use the
|
1815
|
+
# shares that use the managed permission with this [Amazon Resource Name
|
1400
1816
|
# (ARN)][1].
|
1401
1817
|
#
|
1402
1818
|
#
|
1403
1819
|
#
|
1404
1820
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1405
1821
|
#
|
1822
|
+
# @option params [Integer] :permission_version
|
1823
|
+
# Specifies that you want to retrieve details for only those resource
|
1824
|
+
# shares that use the specified version of the managed permission.
|
1825
|
+
#
|
1406
1826
|
# @return [Types::GetResourceSharesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1407
1827
|
#
|
1408
1828
|
# * {Types::GetResourceSharesResponse#resource_shares #resource_shares} => Array<Types::ResourceShare>
|
@@ -1426,6 +1846,7 @@ module Aws::RAM
|
|
1426
1846
|
# next_token: "String",
|
1427
1847
|
# max_results: 1,
|
1428
1848
|
# permission_arn: "String",
|
1849
|
+
# permission_version: 1,
|
1429
1850
|
# })
|
1430
1851
|
#
|
1431
1852
|
# @example Response structure
|
@@ -1460,7 +1881,7 @@ module Aws::RAM
|
|
1460
1881
|
# hasn't expired.
|
1461
1882
|
#
|
1462
1883
|
# @option params [required, String] :resource_share_invitation_arn
|
1463
|
-
# Specifies the [Amazon
|
1884
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the invitation. You
|
1464
1885
|
# can use GetResourceShareInvitations to find the ARN of the invitation.
|
1465
1886
|
#
|
1466
1887
|
#
|
@@ -1540,10 +1961,111 @@ module Aws::RAM
|
|
1540
1961
|
req.send_request(options)
|
1541
1962
|
end
|
1542
1963
|
|
1964
|
+
# Lists information about the managed permission and its associations to
|
1965
|
+
# any resource shares that use this managed permission. This lets you
|
1966
|
+
# see which resource shares use which versions of the specified managed
|
1967
|
+
# permission.
|
1968
|
+
#
|
1969
|
+
# @option params [String] :permission_arn
|
1970
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the managed
|
1971
|
+
# permission.
|
1972
|
+
#
|
1973
|
+
#
|
1974
|
+
#
|
1975
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1976
|
+
#
|
1977
|
+
# @option params [Integer] :permission_version
|
1978
|
+
# Specifies that you want to list only those associations with resource
|
1979
|
+
# shares that use this version of the managed permission. If you don't
|
1980
|
+
# provide a value for this parameter, then the operation returns
|
1981
|
+
# information about associations with resource shares that use any
|
1982
|
+
# version of the managed permission.
|
1983
|
+
#
|
1984
|
+
# @option params [String] :association_status
|
1985
|
+
# Specifies that you want to list only those associations with resource
|
1986
|
+
# shares that match this status.
|
1987
|
+
#
|
1988
|
+
# @option params [String] :resource_type
|
1989
|
+
# Specifies that you want to list only those associations with resource
|
1990
|
+
# shares that include at least one resource of this resource type.
|
1991
|
+
#
|
1992
|
+
# @option params [String] :feature_set
|
1993
|
+
# Specifies that you want to list only those associations with resource
|
1994
|
+
# shares that have a `featureSet` with this value.
|
1995
|
+
#
|
1996
|
+
# @option params [Boolean] :default_version
|
1997
|
+
# When `true`, specifies that you want to list only those associations
|
1998
|
+
# with resource shares that use the default version of the specified
|
1999
|
+
# managed permission.
|
2000
|
+
#
|
2001
|
+
# When `false` (the default value), lists associations with resource
|
2002
|
+
# shares that use any version of the specified managed permission.
|
2003
|
+
#
|
2004
|
+
# @option params [String] :next_token
|
2005
|
+
# Specifies that you want to receive the next page of results. Valid
|
2006
|
+
# only if you received a `NextToken` response in the previous request.
|
2007
|
+
# If you did, it indicates that more output is available. Set this
|
2008
|
+
# parameter to the value provided by the previous call's `NextToken`
|
2009
|
+
# response to request the next page of results.
|
2010
|
+
#
|
2011
|
+
# @option params [Integer] :max_results
|
2012
|
+
# Specifies the total number of results that you want included on each
|
2013
|
+
# page of the response. If you do not include this parameter, it
|
2014
|
+
# defaults to a value that is specific to the operation. If additional
|
2015
|
+
# items exist beyond the number you specify, the `NextToken` response
|
2016
|
+
# element is returned with a value (not null). Include the specified
|
2017
|
+
# value as the `NextToken` request parameter in the next call to the
|
2018
|
+
# operation to get the next part of the results. Note that the service
|
2019
|
+
# might return fewer results than the maximum even when there are more
|
2020
|
+
# results available. You should check `NextToken` after every operation
|
2021
|
+
# to ensure that you receive all of the results.
|
2022
|
+
#
|
2023
|
+
# @return [Types::ListPermissionAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2024
|
+
#
|
2025
|
+
# * {Types::ListPermissionAssociationsResponse#permissions #permissions} => Array<Types::AssociatedPermission>
|
2026
|
+
# * {Types::ListPermissionAssociationsResponse#next_token #next_token} => String
|
2027
|
+
#
|
2028
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2029
|
+
#
|
2030
|
+
# @example Request syntax with placeholder values
|
2031
|
+
#
|
2032
|
+
# resp = client.list_permission_associations({
|
2033
|
+
# permission_arn: "String",
|
2034
|
+
# permission_version: 1,
|
2035
|
+
# association_status: "ASSOCIATING", # accepts ASSOCIATING, ASSOCIATED, FAILED, DISASSOCIATING, DISASSOCIATED
|
2036
|
+
# resource_type: "String",
|
2037
|
+
# feature_set: "CREATED_FROM_POLICY", # accepts CREATED_FROM_POLICY, PROMOTING_TO_STANDARD, STANDARD
|
2038
|
+
# default_version: false,
|
2039
|
+
# next_token: "String",
|
2040
|
+
# max_results: 1,
|
2041
|
+
# })
|
2042
|
+
#
|
2043
|
+
# @example Response structure
|
2044
|
+
#
|
2045
|
+
# resp.permissions #=> Array
|
2046
|
+
# resp.permissions[0].arn #=> String
|
2047
|
+
# resp.permissions[0].permission_version #=> String
|
2048
|
+
# resp.permissions[0].default_version #=> Boolean
|
2049
|
+
# resp.permissions[0].resource_type #=> String
|
2050
|
+
# resp.permissions[0].status #=> String
|
2051
|
+
# resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
2052
|
+
# resp.permissions[0].last_updated_time #=> Time
|
2053
|
+
# resp.permissions[0].resource_share_arn #=> String
|
2054
|
+
# resp.next_token #=> String
|
2055
|
+
#
|
2056
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionAssociations AWS API Documentation
|
2057
|
+
#
|
2058
|
+
# @overload list_permission_associations(params = {})
|
2059
|
+
# @param [Hash] params ({})
|
2060
|
+
def list_permission_associations(params = {}, options = {})
|
2061
|
+
req = build_request(:list_permission_associations, params)
|
2062
|
+
req.send_request(options)
|
2063
|
+
end
|
2064
|
+
|
1543
2065
|
# Lists the available versions of the specified RAM permission.
|
1544
2066
|
#
|
1545
2067
|
# @option params [required, String] :permission_arn
|
1546
|
-
# Specifies the [Amazon
|
2068
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the RAM permission
|
1547
2069
|
# whose versions you want to list. You can use the `permissionVersion`
|
1548
2070
|
# parameter on the AssociateResourceSharePermission operation to specify
|
1549
2071
|
# a non-default version to attach.
|
@@ -1598,6 +2120,11 @@ module Aws::RAM
|
|
1598
2120
|
# resp.permissions[0].creation_time #=> Time
|
1599
2121
|
# resp.permissions[0].last_updated_time #=> Time
|
1600
2122
|
# resp.permissions[0].is_resource_type_default #=> Boolean
|
2123
|
+
# resp.permissions[0].permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
2124
|
+
# resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
2125
|
+
# resp.permissions[0].tags #=> Array
|
2126
|
+
# resp.permissions[0].tags[0].key #=> String
|
2127
|
+
# resp.permissions[0].tags[0].value #=> String
|
1601
2128
|
# resp.next_token #=> String
|
1602
2129
|
#
|
1603
2130
|
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionVersions AWS API Documentation
|
@@ -1613,9 +2140,11 @@ module Aws::RAM
|
|
1613
2140
|
# supported resource types.
|
1614
2141
|
#
|
1615
2142
|
# @option params [String] :resource_type
|
1616
|
-
# Specifies that you want to list permissions
|
1617
|
-
# resource type.
|
1618
|
-
#
|
2143
|
+
# Specifies that you want to list only those permissions that apply to
|
2144
|
+
# the specified resource type. This parameter is not case sensitive.
|
2145
|
+
#
|
2146
|
+
# For example, to list only permissions that apply to Amazon EC2
|
2147
|
+
# subnets, specify `ec2:subnet`. You can use the ListResourceTypes
|
1619
2148
|
# operation to get the specific string required.
|
1620
2149
|
#
|
1621
2150
|
# @option params [String] :next_token
|
@@ -1637,6 +2166,18 @@ module Aws::RAM
|
|
1637
2166
|
# results available. You should check `NextToken` after every operation
|
1638
2167
|
# to ensure that you receive all of the results.
|
1639
2168
|
#
|
2169
|
+
# @option params [String] :permission_type
|
2170
|
+
# Specifies that you want to list only permissions of this type:
|
2171
|
+
#
|
2172
|
+
# * `AWS` – returns only Amazon Web Services managed permissions.
|
2173
|
+
#
|
2174
|
+
# * `LOCAL` – returns only customer managed permissions
|
2175
|
+
#
|
2176
|
+
# * `ALL` – returns both Amazon Web Services managed permissions and
|
2177
|
+
# customer managed permissions.
|
2178
|
+
#
|
2179
|
+
# If you don't specify this parameter, the default is `All`.
|
2180
|
+
#
|
1640
2181
|
# @return [Types::ListPermissionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1641
2182
|
#
|
1642
2183
|
# * {Types::ListPermissionsResponse#permissions #permissions} => Array<Types::ResourceSharePermissionSummary>
|
@@ -1650,6 +2191,7 @@ module Aws::RAM
|
|
1650
2191
|
# resource_type: "String",
|
1651
2192
|
# next_token: "String",
|
1652
2193
|
# max_results: 1,
|
2194
|
+
# permission_type: "ALL", # accepts ALL, AWS_MANAGED, CUSTOMER_MANAGED
|
1653
2195
|
# })
|
1654
2196
|
#
|
1655
2197
|
# @example Response structure
|
@@ -1664,6 +2206,11 @@ module Aws::RAM
|
|
1664
2206
|
# resp.permissions[0].creation_time #=> Time
|
1665
2207
|
# resp.permissions[0].last_updated_time #=> Time
|
1666
2208
|
# resp.permissions[0].is_resource_type_default #=> Boolean
|
2209
|
+
# resp.permissions[0].permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
2210
|
+
# resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
2211
|
+
# resp.permissions[0].tags #=> Array
|
2212
|
+
# resp.permissions[0].tags[0].key #=> String
|
2213
|
+
# resp.permissions[0].tags[0].value #=> String
|
1667
2214
|
# resp.next_token #=> String
|
1668
2215
|
#
|
1669
2216
|
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissions AWS API Documentation
|
@@ -1690,7 +2237,7 @@ module Aws::RAM
|
|
1690
2237
|
#
|
1691
2238
|
# @option params [String] :resource_arn
|
1692
2239
|
# Specifies that you want to list principal information for the resource
|
1693
|
-
# share with the specified [Amazon
|
2240
|
+
# share with the specified [Amazon Resource Name (ARN)][1].
|
1694
2241
|
#
|
1695
2242
|
#
|
1696
2243
|
#
|
@@ -1704,7 +2251,7 @@ module Aws::RAM
|
|
1704
2251
|
#
|
1705
2252
|
# * An Amazon Web Services account ID, for example: `123456789012`
|
1706
2253
|
#
|
1707
|
-
# * An [Amazon
|
2254
|
+
# * An [Amazon Resource Name (ARN)][1] of an organization in
|
1708
2255
|
# Organizations, for example:
|
1709
2256
|
# `organizations::123456789012:organization/o-exampleorgid`
|
1710
2257
|
#
|
@@ -1800,11 +2347,81 @@ module Aws::RAM
|
|
1800
2347
|
req.send_request(options)
|
1801
2348
|
end
|
1802
2349
|
|
2350
|
+
# Retrieves the current status of the asynchronous tasks performed by
|
2351
|
+
# RAM when you perform the ReplacePermissionAssociationsWork operation.
|
2352
|
+
#
|
2353
|
+
# @option params [Array<String>] :work_ids
|
2354
|
+
# A list of IDs. These values come from the `id`field of the
|
2355
|
+
# `replacePermissionAssociationsWork`structure returned by the
|
2356
|
+
# ReplacePermissionAssociations operation.
|
2357
|
+
#
|
2358
|
+
# @option params [String] :status
|
2359
|
+
# Specifies that you want to see only the details about requests with a
|
2360
|
+
# status that matches this value.
|
2361
|
+
#
|
2362
|
+
# @option params [String] :next_token
|
2363
|
+
# Specifies that you want to receive the next page of results. Valid
|
2364
|
+
# only if you received a `NextToken` response in the previous request.
|
2365
|
+
# If you did, it indicates that more output is available. Set this
|
2366
|
+
# parameter to the value provided by the previous call's `NextToken`
|
2367
|
+
# response to request the next page of results.
|
2368
|
+
#
|
2369
|
+
# @option params [Integer] :max_results
|
2370
|
+
# Specifies the total number of results that you want included on each
|
2371
|
+
# page of the response. If you do not include this parameter, it
|
2372
|
+
# defaults to a value that is specific to the operation. If additional
|
2373
|
+
# items exist beyond the number you specify, the `NextToken` response
|
2374
|
+
# element is returned with a value (not null). Include the specified
|
2375
|
+
# value as the `NextToken` request parameter in the next call to the
|
2376
|
+
# operation to get the next part of the results. Note that the service
|
2377
|
+
# might return fewer results than the maximum even when there are more
|
2378
|
+
# results available. You should check `NextToken` after every operation
|
2379
|
+
# to ensure that you receive all of the results.
|
2380
|
+
#
|
2381
|
+
# @return [Types::ListReplacePermissionAssociationsWorkResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2382
|
+
#
|
2383
|
+
# * {Types::ListReplacePermissionAssociationsWorkResponse#replace_permission_associations_works #replace_permission_associations_works} => Array<Types::ReplacePermissionAssociationsWork>
|
2384
|
+
# * {Types::ListReplacePermissionAssociationsWorkResponse#next_token #next_token} => String
|
2385
|
+
#
|
2386
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2387
|
+
#
|
2388
|
+
# @example Request syntax with placeholder values
|
2389
|
+
#
|
2390
|
+
# resp = client.list_replace_permission_associations_work({
|
2391
|
+
# work_ids: ["String"],
|
2392
|
+
# status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED
|
2393
|
+
# next_token: "String",
|
2394
|
+
# max_results: 1,
|
2395
|
+
# })
|
2396
|
+
#
|
2397
|
+
# @example Response structure
|
2398
|
+
#
|
2399
|
+
# resp.replace_permission_associations_works #=> Array
|
2400
|
+
# resp.replace_permission_associations_works[0].id #=> String
|
2401
|
+
# resp.replace_permission_associations_works[0].from_permission_arn #=> String
|
2402
|
+
# resp.replace_permission_associations_works[0].from_permission_version #=> String
|
2403
|
+
# resp.replace_permission_associations_works[0].to_permission_arn #=> String
|
2404
|
+
# resp.replace_permission_associations_works[0].to_permission_version #=> String
|
2405
|
+
# resp.replace_permission_associations_works[0].status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
|
2406
|
+
# resp.replace_permission_associations_works[0].status_message #=> String
|
2407
|
+
# resp.replace_permission_associations_works[0].creation_time #=> Time
|
2408
|
+
# resp.replace_permission_associations_works[0].last_updated_time #=> Time
|
2409
|
+
# resp.next_token #=> String
|
2410
|
+
#
|
2411
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListReplacePermissionAssociationsWork AWS API Documentation
|
2412
|
+
#
|
2413
|
+
# @overload list_replace_permission_associations_work(params = {})
|
2414
|
+
# @param [Hash] params ({})
|
2415
|
+
def list_replace_permission_associations_work(params = {}, options = {})
|
2416
|
+
req = build_request(:list_replace_permission_associations_work, params)
|
2417
|
+
req.send_request(options)
|
2418
|
+
end
|
2419
|
+
|
1803
2420
|
# Lists the RAM permissions that are associated with a resource share.
|
1804
2421
|
#
|
1805
2422
|
# @option params [required, String] :resource_share_arn
|
1806
|
-
# Specifies the [Amazon
|
1807
|
-
# which you want to retrieve the associated permissions.
|
2423
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share
|
2424
|
+
# for which you want to retrieve the associated permissions.
|
1808
2425
|
#
|
1809
2426
|
#
|
1810
2427
|
#
|
@@ -1856,6 +2473,11 @@ module Aws::RAM
|
|
1856
2473
|
# resp.permissions[0].creation_time #=> Time
|
1857
2474
|
# resp.permissions[0].last_updated_time #=> Time
|
1858
2475
|
# resp.permissions[0].is_resource_type_default #=> Boolean
|
2476
|
+
# resp.permissions[0].permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
2477
|
+
# resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
2478
|
+
# resp.permissions[0].tags #=> Array
|
2479
|
+
# resp.permissions[0].tags[0].key #=> String
|
2480
|
+
# resp.permissions[0].tags[0].value #=> String
|
1859
2481
|
# resp.next_token #=> String
|
1860
2482
|
#
|
1861
2483
|
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceSharePermissions AWS API Documentation
|
@@ -2051,18 +2673,135 @@ module Aws::RAM
|
|
2051
2673
|
req.send_request(options)
|
2052
2674
|
end
|
2053
2675
|
|
2054
|
-
# When you attach a resource-based
|
2055
|
-
# automatically creates a resource share
|
2056
|
-
#
|
2057
|
-
#
|
2676
|
+
# When you attach a resource-based policy to a resource, RAM
|
2677
|
+
# automatically creates a resource share of
|
2678
|
+
# `featureSet`=`CREATED_FROM_POLICY` with a managed permission that has
|
2679
|
+
# the same IAM permissions as the original resource-based policy.
|
2680
|
+
# However, this type of managed permission is visible to only the
|
2681
|
+
# resource share owner, and the associated resource share can't be
|
2682
|
+
# modified by using RAM.
|
2683
|
+
#
|
2684
|
+
# This operation creates a separate, fully manageable customer managed
|
2685
|
+
# permission that has the same IAM permissions as the original
|
2686
|
+
# resource-based policy. You can associate this customer managed
|
2687
|
+
# permission to any resource shares.
|
2688
|
+
#
|
2689
|
+
# Before you use PromoteResourceShareCreatedFromPolicy, you should first
|
2690
|
+
# run this operation to ensure that you have an appropriate customer
|
2691
|
+
# managed permission that can be associated with the promoted resource
|
2692
|
+
# share.
|
2693
|
+
#
|
2694
|
+
# <note markdown="1"> * The original `CREATED_FROM_POLICY` policy isn't deleted, and
|
2695
|
+
# resource shares using that original policy aren't automatically
|
2696
|
+
# updated.
|
2697
|
+
#
|
2698
|
+
# * You can't modify a `CREATED_FROM_POLICY` resource share so you
|
2699
|
+
# can't associate the new customer managed permission by using
|
2700
|
+
# `ReplacePermsissionAssociations`. However, if you use
|
2701
|
+
# PromoteResourceShareCreatedFromPolicy, that operation automatically
|
2702
|
+
# associates the fully manageable customer managed permission to the
|
2703
|
+
# newly promoted `STANDARD` resource share.
|
2704
|
+
#
|
2705
|
+
# * After you promote a resource share, if the original
|
2706
|
+
# `CREATED_FROM_POLICY` managed permission has no other associations
|
2707
|
+
# to A resource share, then RAM automatically deletes it.
|
2708
|
+
#
|
2709
|
+
# </note>
|
2710
|
+
#
|
2711
|
+
# @option params [required, String] :permission_arn
|
2712
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the
|
2713
|
+
# `CREATED_FROM_POLICY` permission that you want to promote. You can get
|
2714
|
+
# this [Amazon Resource Name (ARN)][1] by calling the
|
2715
|
+
# ListResourceSharePermissions operation.
|
2716
|
+
#
|
2717
|
+
#
|
2718
|
+
#
|
2719
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
2720
|
+
#
|
2721
|
+
# @option params [required, String] :name
|
2722
|
+
# Specifies a name for the promoted customer managed permission.
|
2723
|
+
#
|
2724
|
+
# @option params [String] :client_token
|
2725
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
2726
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
2727
|
+
# request without accidentally performing the same operation a second
|
2728
|
+
# time. Passing the same value to a later call to an operation requires
|
2729
|
+
# that you also pass the same value for all other parameters. We
|
2730
|
+
# recommend that you use a [UUID type of value.][1].
|
2731
|
+
#
|
2732
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
2733
|
+
# random one for you.
|
2734
|
+
#
|
2735
|
+
# If you retry the operation with the same `ClientToken`, but with
|
2736
|
+
# different parameters, the retry fails with an
|
2737
|
+
# `IdempotentParameterMismatch` error.
|
2738
|
+
#
|
2739
|
+
#
|
2740
|
+
#
|
2741
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
2742
|
+
#
|
2743
|
+
# @return [Types::PromotePermissionCreatedFromPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2744
|
+
#
|
2745
|
+
# * {Types::PromotePermissionCreatedFromPolicyResponse#permission #permission} => Types::ResourceSharePermissionSummary
|
2746
|
+
# * {Types::PromotePermissionCreatedFromPolicyResponse#client_token #client_token} => String
|
2747
|
+
#
|
2748
|
+
# @example Request syntax with placeholder values
|
2749
|
+
#
|
2750
|
+
# resp = client.promote_permission_created_from_policy({
|
2751
|
+
# permission_arn: "String", # required
|
2752
|
+
# name: "String", # required
|
2753
|
+
# client_token: "String",
|
2754
|
+
# })
|
2755
|
+
#
|
2756
|
+
# @example Response structure
|
2058
2757
|
#
|
2059
|
-
#
|
2060
|
-
#
|
2061
|
-
#
|
2062
|
-
#
|
2758
|
+
# resp.permission.arn #=> String
|
2759
|
+
# resp.permission.version #=> String
|
2760
|
+
# resp.permission.default_version #=> Boolean
|
2761
|
+
# resp.permission.name #=> String
|
2762
|
+
# resp.permission.resource_type #=> String
|
2763
|
+
# resp.permission.status #=> String
|
2764
|
+
# resp.permission.creation_time #=> Time
|
2765
|
+
# resp.permission.last_updated_time #=> Time
|
2766
|
+
# resp.permission.is_resource_type_default #=> Boolean
|
2767
|
+
# resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
|
2768
|
+
# resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
|
2769
|
+
# resp.permission.tags #=> Array
|
2770
|
+
# resp.permission.tags[0].key #=> String
|
2771
|
+
# resp.permission.tags[0].value #=> String
|
2772
|
+
# resp.client_token #=> String
|
2773
|
+
#
|
2774
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromotePermissionCreatedFromPolicy AWS API Documentation
|
2775
|
+
#
|
2776
|
+
# @overload promote_permission_created_from_policy(params = {})
|
2777
|
+
# @param [Hash] params ({})
|
2778
|
+
def promote_permission_created_from_policy(params = {}, options = {})
|
2779
|
+
req = build_request(:promote_permission_created_from_policy, params)
|
2780
|
+
req.send_request(options)
|
2781
|
+
end
|
2782
|
+
|
2783
|
+
# When you attach a resource-based policy to a resource, RAM
|
2784
|
+
# automatically creates a resource share of
|
2785
|
+
# `featureSet`=`CREATED_FROM_POLICY` with a managed permission that has
|
2786
|
+
# the same IAM permissions as the original resource-based policy.
|
2787
|
+
# However, this type of managed permission is visible to only the
|
2788
|
+
# resource share owner, and the associated resource share can't be
|
2789
|
+
# modified by using RAM.
|
2790
|
+
#
|
2791
|
+
# This operation promotes the resource share to a `STANDARD` resource
|
2792
|
+
# share that is fully manageable in RAM. When you promote a resource
|
2793
|
+
# share, you can then manage the resource share in RAM and it becomes
|
2794
|
+
# visible to all of the principals you shared it with.
|
2795
|
+
#
|
2796
|
+
# Before you perform this operation, you should first run
|
2797
|
+
# PromotePermissionCreatedFromPolicyto ensure that you have an
|
2798
|
+
# appropriate customer managed permission that can be associated with
|
2799
|
+
# this resource share after its is promoted. If this operation can't
|
2800
|
+
# find a managed permission that exactly matches the existing
|
2801
|
+
# `CREATED_FROM_POLICY` permission, then this operation fails.
|
2063
2802
|
#
|
2064
2803
|
# @option params [required, String] :resource_share_arn
|
2065
|
-
# Specifies the [Amazon
|
2804
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share to
|
2066
2805
|
# promote.
|
2067
2806
|
#
|
2068
2807
|
#
|
@@ -2096,7 +2835,7 @@ module Aws::RAM
|
|
2096
2835
|
# Services account.
|
2097
2836
|
#
|
2098
2837
|
# @option params [required, String] :resource_share_invitation_arn
|
2099
|
-
# Specifies the [Amazon
|
2838
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the invitation that
|
2100
2839
|
# you want to reject.
|
2101
2840
|
#
|
2102
2841
|
#
|
@@ -2114,6 +2853,10 @@ module Aws::RAM
|
|
2114
2853
|
# If you don't provide this value, then Amazon Web Services generates a
|
2115
2854
|
# random one for you.
|
2116
2855
|
#
|
2856
|
+
# If you retry the operation with the same `ClientToken`, but with
|
2857
|
+
# different parameters, the retry fails with an
|
2858
|
+
# `IdempotentParameterMismatch` error.
|
2859
|
+
#
|
2117
2860
|
#
|
2118
2861
|
#
|
2119
2862
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -2161,13 +2904,178 @@ module Aws::RAM
|
|
2161
2904
|
req.send_request(options)
|
2162
2905
|
end
|
2163
2906
|
|
2164
|
-
#
|
2165
|
-
#
|
2166
|
-
#
|
2907
|
+
# Updates all resource shares that use a managed permission to a
|
2908
|
+
# different managed permission. This operation always applies the
|
2909
|
+
# default version of the target managed permission. You can optionally
|
2910
|
+
# specify that the update applies to only resource shares that currently
|
2911
|
+
# use a specified version. This enables you to update to the latest
|
2912
|
+
# version, without changing the which managed permission is used.
|
2167
2913
|
#
|
2168
|
-
#
|
2169
|
-
#
|
2170
|
-
#
|
2914
|
+
# You can use this operation to update all of your resource shares to
|
2915
|
+
# use the current default version of the permission by specifying the
|
2916
|
+
# same value for the `fromPermissionArn` and `toPermissionArn`
|
2917
|
+
# parameters.
|
2918
|
+
#
|
2919
|
+
# You can use the optional `fromPermissionVersion` parameter to update
|
2920
|
+
# only those resources that use a specified version of the managed
|
2921
|
+
# permission to the new managed permission.
|
2922
|
+
#
|
2923
|
+
# To successfully perform this operation, you must have permission to
|
2924
|
+
# update the resource-based policy on all affected resource types.
|
2925
|
+
#
|
2926
|
+
# @option params [required, String] :from_permission_arn
|
2927
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the managed
|
2928
|
+
# permission that you want to replace.
|
2929
|
+
#
|
2930
|
+
#
|
2931
|
+
#
|
2932
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
2933
|
+
#
|
2934
|
+
# @option params [Integer] :from_permission_version
|
2935
|
+
# Specifies that you want to updated the permissions for only those
|
2936
|
+
# resource shares that use the specified version of the managed
|
2937
|
+
# permission.
|
2938
|
+
#
|
2939
|
+
# @option params [required, String] :to_permission_arn
|
2940
|
+
# Specifies the ARN of the managed permission that you want to associate
|
2941
|
+
# with resource shares in place of the one specified by
|
2942
|
+
# `fromPerssionArn` and `fromPermissionVersion`.
|
2943
|
+
#
|
2944
|
+
# The operation always associates the version that is currently the
|
2945
|
+
# default for the specified managed permission.
|
2946
|
+
#
|
2947
|
+
# @option params [String] :client_token
|
2948
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
2949
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
2950
|
+
# request without accidentally performing the same operation a second
|
2951
|
+
# time. Passing the same value to a later call to an operation requires
|
2952
|
+
# that you also pass the same value for all other parameters. We
|
2953
|
+
# recommend that you use a [UUID type of value.][1].
|
2954
|
+
#
|
2955
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
2956
|
+
# random one for you.
|
2957
|
+
#
|
2958
|
+
# If you retry the operation with the same `ClientToken`, but with
|
2959
|
+
# different parameters, the retry fails with an
|
2960
|
+
# `IdempotentParameterMismatch` error.
|
2961
|
+
#
|
2962
|
+
#
|
2963
|
+
#
|
2964
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
2965
|
+
#
|
2966
|
+
# @return [Types::ReplacePermissionAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2967
|
+
#
|
2968
|
+
# * {Types::ReplacePermissionAssociationsResponse#replace_permission_associations_work #replace_permission_associations_work} => Types::ReplacePermissionAssociationsWork
|
2969
|
+
# * {Types::ReplacePermissionAssociationsResponse#client_token #client_token} => String
|
2970
|
+
#
|
2971
|
+
# @example Request syntax with placeholder values
|
2972
|
+
#
|
2973
|
+
# resp = client.replace_permission_associations({
|
2974
|
+
# from_permission_arn: "String", # required
|
2975
|
+
# from_permission_version: 1,
|
2976
|
+
# to_permission_arn: "String", # required
|
2977
|
+
# client_token: "String",
|
2978
|
+
# })
|
2979
|
+
#
|
2980
|
+
# @example Response structure
|
2981
|
+
#
|
2982
|
+
# resp.replace_permission_associations_work.id #=> String
|
2983
|
+
# resp.replace_permission_associations_work.from_permission_arn #=> String
|
2984
|
+
# resp.replace_permission_associations_work.from_permission_version #=> String
|
2985
|
+
# resp.replace_permission_associations_work.to_permission_arn #=> String
|
2986
|
+
# resp.replace_permission_associations_work.to_permission_version #=> String
|
2987
|
+
# resp.replace_permission_associations_work.status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
|
2988
|
+
# resp.replace_permission_associations_work.status_message #=> String
|
2989
|
+
# resp.replace_permission_associations_work.creation_time #=> Time
|
2990
|
+
# resp.replace_permission_associations_work.last_updated_time #=> Time
|
2991
|
+
# resp.client_token #=> String
|
2992
|
+
#
|
2993
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ReplacePermissionAssociations AWS API Documentation
|
2994
|
+
#
|
2995
|
+
# @overload replace_permission_associations(params = {})
|
2996
|
+
# @param [Hash] params ({})
|
2997
|
+
def replace_permission_associations(params = {}, options = {})
|
2998
|
+
req = build_request(:replace_permission_associations, params)
|
2999
|
+
req.send_request(options)
|
3000
|
+
end
|
3001
|
+
|
3002
|
+
# Designates the specified version number as the default version for the
|
3003
|
+
# specified customer managed permission. New resource shares
|
3004
|
+
# automatically use this new default permission. Existing resource
|
3005
|
+
# shares continue to use their original permission version, but you can
|
3006
|
+
# use ReplacePermissionAssociations to update them.
|
3007
|
+
#
|
3008
|
+
# @option params [required, String] :permission_arn
|
3009
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the customer managed
|
3010
|
+
# permission whose default version you want to change.
|
3011
|
+
#
|
3012
|
+
#
|
3013
|
+
#
|
3014
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
3015
|
+
#
|
3016
|
+
# @option params [required, Integer] :permission_version
|
3017
|
+
# Specifies the version number that you want to designate as the default
|
3018
|
+
# for customer managed permission. To see a list of all available
|
3019
|
+
# version numbers, use ListPermissionVersions.
|
3020
|
+
#
|
3021
|
+
# @option params [String] :client_token
|
3022
|
+
# Specifies a unique, case-sensitive identifier that you provide to
|
3023
|
+
# ensure the idempotency of the request. This lets you safely retry the
|
3024
|
+
# request without accidentally performing the same operation a second
|
3025
|
+
# time. Passing the same value to a later call to an operation requires
|
3026
|
+
# that you also pass the same value for all other parameters. We
|
3027
|
+
# recommend that you use a [UUID type of value.][1].
|
3028
|
+
#
|
3029
|
+
# If you don't provide this value, then Amazon Web Services generates a
|
3030
|
+
# random one for you.
|
3031
|
+
#
|
3032
|
+
# If you retry the operation with the same `ClientToken`, but with
|
3033
|
+
# different parameters, the retry fails with an
|
3034
|
+
# `IdempotentParameterMismatch` error.
|
3035
|
+
#
|
3036
|
+
#
|
3037
|
+
#
|
3038
|
+
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
3039
|
+
#
|
3040
|
+
# @return [Types::SetDefaultPermissionVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3041
|
+
#
|
3042
|
+
# * {Types::SetDefaultPermissionVersionResponse#return_value #return_value} => Boolean
|
3043
|
+
# * {Types::SetDefaultPermissionVersionResponse#client_token #client_token} => String
|
3044
|
+
#
|
3045
|
+
# @example Request syntax with placeholder values
|
3046
|
+
#
|
3047
|
+
# resp = client.set_default_permission_version({
|
3048
|
+
# permission_arn: "String", # required
|
3049
|
+
# permission_version: 1, # required
|
3050
|
+
# client_token: "String",
|
3051
|
+
# })
|
3052
|
+
#
|
3053
|
+
# @example Response structure
|
3054
|
+
#
|
3055
|
+
# resp.return_value #=> Boolean
|
3056
|
+
# resp.client_token #=> String
|
3057
|
+
#
|
3058
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/SetDefaultPermissionVersion AWS API Documentation
|
3059
|
+
#
|
3060
|
+
# @overload set_default_permission_version(params = {})
|
3061
|
+
# @param [Hash] params ({})
|
3062
|
+
def set_default_permission_version(params = {}, options = {})
|
3063
|
+
req = build_request(:set_default_permission_version, params)
|
3064
|
+
req.send_request(options)
|
3065
|
+
end
|
3066
|
+
|
3067
|
+
# Adds the specified tag keys and values to a resource share or managed
|
3068
|
+
# permission. If you choose a resource share, the tags are attached to
|
3069
|
+
# only the resource share, not to the resources that are in the resource
|
3070
|
+
# share.
|
3071
|
+
#
|
3072
|
+
# The tags on a managed permission are the same for all versions of the
|
3073
|
+
# managed permission.
|
3074
|
+
#
|
3075
|
+
# @option params [String] :resource_share_arn
|
3076
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share
|
3077
|
+
# that you want to add tags to. You must specify *either*
|
3078
|
+
# `resourceShareArn`, or `resourceArn`, but not both.
|
2171
3079
|
#
|
2172
3080
|
#
|
2173
3081
|
#
|
@@ -2178,18 +3086,28 @@ module Aws::RAM
|
|
2178
3086
|
# present and not be an empty string. The tag value must be present but
|
2179
3087
|
# can be an empty string.
|
2180
3088
|
#
|
3089
|
+
# @option params [String] :resource_arn
|
3090
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the managed
|
3091
|
+
# permission that you want to add tags to. You must specify *either*
|
3092
|
+
# `resourceArn`, or `resourceShareArn`, but not both.
|
3093
|
+
#
|
3094
|
+
#
|
3095
|
+
#
|
3096
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
3097
|
+
#
|
2181
3098
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2182
3099
|
#
|
2183
3100
|
# @example Request syntax with placeholder values
|
2184
3101
|
#
|
2185
3102
|
# resp = client.tag_resource({
|
2186
|
-
# resource_share_arn: "String",
|
3103
|
+
# resource_share_arn: "String",
|
2187
3104
|
# tags: [ # required
|
2188
3105
|
# {
|
2189
3106
|
# key: "TagKey",
|
2190
3107
|
# value: "TagValue",
|
2191
3108
|
# },
|
2192
3109
|
# ],
|
3110
|
+
# resource_arn: "String",
|
2193
3111
|
# })
|
2194
3112
|
#
|
2195
3113
|
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/TagResource AWS API Documentation
|
@@ -2202,12 +3120,13 @@ module Aws::RAM
|
|
2202
3120
|
end
|
2203
3121
|
|
2204
3122
|
# Removes the specified tag key and value pairs from the specified
|
2205
|
-
# resource share.
|
3123
|
+
# resource share or managed permission.
|
2206
3124
|
#
|
2207
|
-
# @option params [
|
2208
|
-
# Specifies the [Amazon
|
3125
|
+
# @option params [String] :resource_share_arn
|
3126
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share
|
2209
3127
|
# that you want to remove tags from. The tags are removed from the
|
2210
|
-
# resource share, not the resources in the resource share.
|
3128
|
+
# resource share, not the resources in the resource share. You must
|
3129
|
+
# specify either `resourceShareArn`, or `resourceArn`, but not both.
|
2211
3130
|
#
|
2212
3131
|
#
|
2213
3132
|
#
|
@@ -2216,13 +3135,23 @@ module Aws::RAM
|
|
2216
3135
|
# @option params [required, Array<String>] :tag_keys
|
2217
3136
|
# Specifies a list of one or more tag keys that you want to remove.
|
2218
3137
|
#
|
3138
|
+
# @option params [String] :resource_arn
|
3139
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the managed
|
3140
|
+
# permission that you want to remove tags from. You must specify either
|
3141
|
+
# `resourceArn`, or `resourceShareArn`, but not both.
|
3142
|
+
#
|
3143
|
+
#
|
3144
|
+
#
|
3145
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
3146
|
+
#
|
2219
3147
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2220
3148
|
#
|
2221
3149
|
# @example Request syntax with placeholder values
|
2222
3150
|
#
|
2223
3151
|
# resp = client.untag_resource({
|
2224
|
-
# resource_share_arn: "String",
|
3152
|
+
# resource_share_arn: "String",
|
2225
3153
|
# tag_keys: ["TagKey"], # required
|
3154
|
+
# resource_arn: "String",
|
2226
3155
|
# })
|
2227
3156
|
#
|
2228
3157
|
# @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UntagResource AWS API Documentation
|
@@ -2237,7 +3166,7 @@ module Aws::RAM
|
|
2237
3166
|
# Modifies some of the properties of the specified resource share.
|
2238
3167
|
#
|
2239
3168
|
# @option params [required, String] :resource_share_arn
|
2240
|
-
# Specifies the [Amazon
|
3169
|
+
# Specifies the [Amazon Resource Name (ARN)][1] of the resource share
|
2241
3170
|
# that you want to modify.
|
2242
3171
|
#
|
2243
3172
|
#
|
@@ -2263,6 +3192,10 @@ module Aws::RAM
|
|
2263
3192
|
# If you don't provide this value, then Amazon Web Services generates a
|
2264
3193
|
# random one for you.
|
2265
3194
|
#
|
3195
|
+
# If you retry the operation with the same `ClientToken`, but with
|
3196
|
+
# different parameters, the retry fails with an
|
3197
|
+
# `IdempotentParameterMismatch` error.
|
3198
|
+
#
|
2266
3199
|
#
|
2267
3200
|
#
|
2268
3201
|
# [1]: https://wikipedia.org/wiki/Universally_unique_identifier
|
@@ -2319,7 +3252,7 @@ module Aws::RAM
|
|
2319
3252
|
params: params,
|
2320
3253
|
config: config)
|
2321
3254
|
context[:gem_name] = 'aws-sdk-ram'
|
2322
|
-
context[:gem_version] = '1.
|
3255
|
+
context[:gem_version] = '1.43.0'
|
2323
3256
|
Seahorse::Client::Request.new(handlers, context)
|
2324
3257
|
end
|
2325
3258
|
|