2025/08/15 - Amazon Prometheus Service - 3 new api methods
Changes Add Resource-based Policy APIs for Amazon Prometheus
Returns information about the resource-based policy attached to an Amazon Managed Service for Prometheus workspace.
See also: AWS API Documentation
Request Syntax
client.describe_resource_policy(
workspaceId='string'
)
string
[REQUIRED]
The ID of the workspace to describe the resource-based policy for.
dict
Response Syntax
{
'policyDocument': 'string',
'policyStatus': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING',
'revisionId': 'string'
}
Response Structure
(dict) --
policyDocument (string) --
The JSON policy document for the resource-based policy attached to the workspace.
policyStatus (string) --
The current status of the resource-based policy.
revisionId (string) --
The revision ID of the current resource-based policy.
Deletes the resource-based policy attached to an Amazon Managed Service for Prometheus workspace.
See also: AWS API Documentation
Request Syntax
client.delete_resource_policy(
workspaceId='string',
clientToken='string',
revisionId='string'
)
string
[REQUIRED]
The ID of the workspace from which to delete the resource-based policy.
string
A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).
This field is autopopulated if not provided.
string
The revision ID of the policy to delete. Use this parameter to ensure that you are deleting the correct version of the policy.
None
Creates or updates a resource-based policy for an Amazon Managed Service for Prometheus workspace. Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.
Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see Prometheus-compatible APIs in the Amazon Managed Service for Prometheus User Guide.
If your workspace uses customer-managed KMS keys for encryption, you must grant the principals in your resource-based policy access to those KMS keys. You can do this by creating KMS grants. For more information, see CreateGrant in the AWS Key Management Service API Reference and Encryption at rest in the Amazon Managed Service for Prometheus User Guide.
For more information about working with IAM, see Using Amazon Managed Service for Prometheus with IAM in the Amazon Managed Service for Prometheus User Guide.
See also: AWS API Documentation
Request Syntax
client.put_resource_policy(
workspaceId='string',
policyDocument='string',
clientToken='string',
revisionId='string'
)
string
[REQUIRED]
The ID of the workspace to attach the resource-based policy to.
string
[REQUIRED]
The JSON policy document to use as the resource-based policy. This policy defines the permissions that other AWS accounts or services have to access your workspace.
string
A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).
This field is autopopulated if not provided.
string
The revision ID of the policy to update. Use this parameter to ensure that you are updating the correct version of the policy. If you don't specify a revision ID, the policy is updated regardless of its current revision.
For the first PUT request on a workspace that doesn't have an existing resource policy, you can specify NO_POLICY as the revision ID.
dict
Response Syntax
{
'policyStatus': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING',
'revisionId': 'string'
}
Response Structure
(dict) --
policyStatus (string) --
The current status of the resource-based policy.
revisionId (string) --
The revision ID of the newly created or updated resource-based policy.