2025/05/01 - Amazon Verified Permissions - 3 new, 2 updated api methods
Changes: Amazon Verified Permissions / Features: Adds support for tagging policy stores.
Returns the tags associated with the specified Amazon Verified Permissions resource. In Verified Permissions, policy stores can be tagged.
See also: AWS API Documentation
Request Syntax
client.list_tags_for_resource( resourceArn='string' )
resourceArn (string) -- [REQUIRED]
The ARN of the resource for which you want to view tags.
dict
Response Syntax
{ 'tags': { 'string': 'string' } }
Response Structure
(dict) --
tags (dict) --
The list of tags associated with the resource.
(string) --
(string) --
Assigns one or more tags (key-value pairs) to the specified Amazon Verified Permissions resource. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. In Verified Permissions, policy stores can be tagged.
Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
You can use the TagResource action with a resource that already has tags. If you specify a new tag key, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource.
See also: AWS API Documentation
Request Syntax
client.tag_resource( resourceArn='string', tags={ 'string': 'string' } )
resourceArn (string) -- [REQUIRED]
The ARN of the resource that you're adding tags to.
tags (dict) -- [REQUIRED]
The list of key-value pairs to associate with the resource.
(string) --
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Removes one or more tags from the specified Amazon Verified Permissions resource. In Verified Permissions, policy stores can be tagged.
See also: AWS API Documentation
Request Syntax
client.untag_resource( resourceArn='string', tagKeys=[ 'string', ] )
resourceArn (string) -- [REQUIRED]
The ARN of the resource from which you are removing tags.
tagKeys (list) -- [REQUIRED]
The list of tag keys to remove from the resource.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
{'tags': {'string': 'string'}}
Creates a policy store. A policy store is a container for policy resources.
See also: AWS API Documentation
Request Syntax
client.create_policy_store( clientToken='string', validationSettings={ 'mode': 'OFF'|'STRICT' }, description='string', deletionProtection='ENABLED'|'DISABLED', tags={ 'string': 'string' } )
clientToken (string) --
Specifies a unique, case-sensitive ID that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value.
If you don't provide this value, then Amazon Web Services generates a random one for you.
If you retry the operation with the same ClientToken, but with different parameters, the retry fails with a ConflictException error.
Verified Permissions recognizes a ClientToken for eight hours. After eight hours, the next request with the same parameters performs the operation again regardless of the value of ClientToken.
This field is autopopulated if not provided.
validationSettings (dict) -- [REQUIRED]
Specifies the validation setting for this policy store.
Currently, the only valid and required value is Mode.
mode (string) -- [REQUIRED]
The validation mode currently configured for this policy store. The valid values are:
OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.
STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.
description (string) --
Descriptive text that you can provide to help with identification of the current policy store.
deletionProtection (string) --
Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.
The default state is DISABLED.
tags (dict) --
The list of key-value pairs to associate with the policy store.
(string) --
(string) --
dict
Response Syntax
{ 'policyStoreId': 'string', 'arn': 'string', 'createdDate': datetime(2015, 1, 1), 'lastUpdatedDate': datetime(2015, 1, 1) }
Response Structure
(dict) --
policyStoreId (string) --
The unique ID of the new policy store.
arn (string) --
The Amazon Resource Name (ARN) of the new policy store.
createdDate (datetime) --
The date and time the policy store was originally created.
lastUpdatedDate (datetime) --
The date and time the policy store was last updated.
Request: {'tags': 'boolean'}
Response: {'cedarVersion': 'CEDAR_2 | CEDAR_4', 'tags': {'string': 'string'}}
Retrieves details about a policy store.
See also: AWS API Documentation
Request Syntax
client.get_policy_store( policyStoreId='string', tags=True|False )
policyStoreId (string) -- [REQUIRED]
Specifies the ID of the policy store that you want information about.
tags (boolean) --
Specifies whether to return the tags that are attached to the policy store. If this parameter is included in the API call, the tags are returned, otherwise they are not returned.
dict
Response Syntax
{ 'policyStoreId': 'string', 'arn': 'string', 'validationSettings': { 'mode': 'OFF'|'STRICT' }, 'createdDate': datetime(2015, 1, 1), 'lastUpdatedDate': datetime(2015, 1, 1), 'description': 'string', 'deletionProtection': 'ENABLED'|'DISABLED', 'cedarVersion': 'CEDAR_2'|'CEDAR_4', 'tags': { 'string': 'string' } }
Response Structure
(dict) --
policyStoreId (string) --
The ID of the policy store.
arn (string) --
The Amazon Resource Name (ARN) of the policy store.
validationSettings (dict) --
The current validation settings for the policy store.
mode (string) --
The validation mode currently configured for this policy store. The valid values are:
OFF – Neither Verified Permissions nor Cedar perform any validation on policies. No validation errors are reported by either service.
STRICT – Requires a schema to be present in the policy store. Cedar performs validation on all submitted new or updated static policies and policy templates. Any that fail validation are rejected and Cedar doesn't store them in the policy store.
createdDate (datetime) --
The date and time that the policy store was originally created.
lastUpdatedDate (datetime) --
The date and time that the policy store was last updated.
description (string) --
Descriptive text that you can provide to help with identification of the current policy store.
deletionProtection (string) --
Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.
The default state is DISABLED.
cedarVersion (string) --
The version of the Cedar language used with policies, policy templates, and schemas in this policy store. For more information, see Amazon Verified Permissions upgrade to Cedar v4 FAQ.
tags (dict) --
The list of tags associated with the policy store.
(string) --
(string) --
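As an added example (not part of the AWS documentation), the sketch below uses the GetPolicyStore `tags` parameter and response fields described above to flag policy stores with validation off, deletion protection disabled, or missing tags, and models the TagResource merge rule and 50-tag limit. `REQUIRED_TAG_KEYS`, `StubClient`, the sample response and the store ID are assumptions constructed for illustration; against a real account, pass `boto3.client('verifiedpermissions')` in place of the stub.

```python
# Added example: audit helper for Verified Permissions policy stores (not AWS code).
REQUIRED_TAG_KEYS = {"owner", "environment"}  # assumption: hypothetical org tagging standard
MAX_TAGS = 50  # per-resource tag limit stated in the TagResource description


def merged_tags(existing, new):
    """Predict the tag set after TagResource: new keys are appended,
    keys that already exist get the new value."""
    result = {**existing, **new}
    if len(result) > MAX_TAGS:
        raise ValueError(f"{len(result)} tags would exceed the limit of {MAX_TAGS}")
    return result


def audit_policy_store(client, policy_store_id):
    """Return a list of findings for one policy store."""
    # tags=True makes GetPolicyStore include the store's tags in the response.
    store = client.get_policy_store(policyStoreId=policy_store_id, tags=True)
    findings = []
    if store["validationSettings"]["mode"] != "STRICT":
        findings.append("validation mode is not STRICT")
    if store.get("deletionProtection", "DISABLED") != "ENABLED":
        findings.append("deletion protection is not ENABLED")
    missing = REQUIRED_TAG_KEYS - set(store.get("tags") or {})
    if missing:
        findings.append("missing required tags: " + ", ".join(sorted(missing)))
    return findings


class StubClient:
    """Offline stand-in for boto3.client('verifiedpermissions'); response is constructed."""

    def get_policy_store(self, policyStoreId, tags=False):
        response = {
            "policyStoreId": policyStoreId,
            "validationSettings": {"mode": "OFF"},
            "deletionProtection": "DISABLED",
            "cedarVersion": "CEDAR_4",
        }
        if tags:
            response["tags"] = {"owner": "team-authz"}
        return response


if __name__ == "__main__":
    for finding in audit_policy_store(StubClient(), "EXAMPLE-STORE-ID"):
        print(finding)
    print(merged_tags({"owner": "team-authz"}, {"owner": "team-iam", "environment": "prod"}))
```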