AWS Resource Access Manager

Lists the AWS RAM permissions.

See also: AWS API Documentation

Request Syntax

client.list_permissions(
    resourceType='string',
    nextToken='string',
    maxResults=123
)

type resourceType:

string

param resourceType:

Specifies the resource type for which to list permissions. For example, to list only permissions that apply to EC2 subnets, specify ec2:Subnet.

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'permissions': [
        {
            'arn': 'string',
            'version': 'string',
            'defaultVersion': True|False,
            'name': 'string',
            'resourceType': 'string',
            'status': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • permissions (list) --

    Information about the permissions.

    • (dict) --

      Information about a permission that is associated with a resource share.

      • arn (string) --

        The ARN of the permission.

      • version (string) --

        The identifier for the version of the permission.

      • defaultVersion (boolean) --

        The identifier for the version of the permission that is set as the default version.

      • name (string) --

        The name of the permission.

      • resourceType (string) --

        The type of resource to which the permission applies.

      • status (string) --

        The current status of the permission.

      • creationTime (datetime) --

        The date and time when the permission was created.

      • lastUpdatedTime (datetime) --

        The date and time when the permission was last updated.

  • nextToken (string) --

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

Associates a permission with a resource share.

See also: AWS API Documentation

Request Syntax

client.associate_resource_share_permission(
    resourceShareArn='string',
    permissionArn='string',
    replace=True|False,
    clientToken='string'
)

type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource share.

type permissionArn:

string

param permissionArn:

[REQUIRED]

The ARN of the AWS RAM permission to associate with the resource share.

type replace:

boolean

param replace:

Indicates whether the permission should replace the permissions that are currently associated with the resource share. Use true to replace the current permissions. Use false to add the permission to the current permission.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

rtype:

dict

returns:

Response Syntax

{
    'returnValue': True|False,
    'clientToken': 'string'
}

Response Structure

• (dict) --

  • returnValue (boolean) --

    Indicates whether the request succeeded.

  • clientToken (string) --

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

Resource shares that were created by attaching a policy to a resource are visible only to the resource share owner, and the resource share cannot be modified in AWS RAM.

Use this API action to promote the resource share. When you promote the resource share, it becomes:

• Visible to all principals that it is shared with.

• Modifiable in AWS RAM.

See also: AWS API Documentation

Request Syntax

client.promote_resource_share_created_from_policy(
    resourceShareArn='string'
)

type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The ARN of the resource share to promote.

rtype:

dict

returns:

Response Syntax

{
    'returnValue': True|False
}

Response Structure

• (dict) --

  • returnValue (boolean) --

    Indicates whether the request succeeded.

Gets the contents of an AWS RAM permission in JSON format.

See also: AWS API Documentation

Request Syntax

client.get_permission(
    permissionArn='string',
    permissionVersion=123
)

type permissionArn:

string

param permissionArn:

[REQUIRED]

The ARN of the permission.

type permissionVersion:

integer

param permissionVersion:

The identifier for the version of the permission.

rtype:

dict

returns:

Response Syntax

{
    'permission': {
        'arn': 'string',
        'version': 'string',
        'defaultVersion': True|False,
        'name': 'string',
        'resourceType': 'string',
        'permission': 'string',
        'creationTime': datetime(2015, 1, 1),
        'lastUpdatedTime': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) --

  • permission (dict) --

    Information about the permission.

    • arn (string) --

      The ARN of the permission.

    • version (string) --

      The identifier for the version of the permission.

    • defaultVersion (boolean) --

      The identifier for the version of the permission that is set as the default version.

    • name (string) --

      The name of the permission.

    • resourceType (string) --

      The resource type to which the permission applies.

    • permission (string) --

      The permission's effect and actions in JSON format. The effect indicates whether the actions are allowed or denied. The actions list the API actions to which the principal is granted or denied access.

    • creationTime (datetime) --

      The date and time when the permission was created.

    • lastUpdatedTime (datetime) --

      The date and time when the permission was last updated.

Disassociates an AWS RAM permission from a resource share.

See also: AWS API Documentation

Request Syntax

client.disassociate_resource_share_permission(
    resourceShareArn='string',
    permissionArn='string',
    clientToken='string'
)

type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource share.

type permissionArn:

string

param permissionArn:

[REQUIRED]

The ARN of the permission to disassociate from the resource share.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

rtype:

dict

returns:

Response Syntax

{
    'returnValue': True|False,
    'clientToken': 'string'
}

Response Structure

• (dict) --

  • returnValue (boolean) --

    Indicates whether the request succeeded.

  • clientToken (string) --

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

Lists the AWS RAM permissions that are associated with a resource share.

See also: AWS API Documentation

Request Syntax

client.list_resource_share_permissions(
    resourceShareArn='string',
    nextToken='string',
    maxResults=123
)

type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource share.

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'permissions': [
        {
            'arn': 'string',
            'version': 'string',
            'defaultVersion': True|False,
            'name': 'string',
            'resourceType': 'string',
            'status': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • permissions (list) --

    The permissions associated with the resource share.

    • (dict) --

      Information about a permission that is associated with a resource share.

      • arn (string) --

        The ARN of the permission.

      • version (string) --

        The identifier for the version of the permission.

      • defaultVersion (boolean) --

        The identifier for the version of the permission that is set as the default version.

      • name (string) --

        The name of the permission.

      • resourceType (string) --

        The type of resource to which the permission applies.

      • status (string) --

        The current status of the permission.

      • creationTime (datetime) --

        The date and time when the permission was created.

      • lastUpdatedTime (datetime) --

        The date and time when the permission was last updated.

  • nextToken (string) --

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

{'permissionArns': ['string']}

{'resourceShare': {'featureSet': 'CREATED_FROM_POLICY | PROMOTING_TO_STANDARD '
                                 '| STANDARD'}}

Creates a resource share.

See also: AWS API Documentation

Request Syntax

client.create_resource_share(
    name='string',
    resourceArns=[
        'string',
    ],
    principals=[
        'string',
    ],
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ],
    allowExternalPrincipals=True|False,
    clientToken='string',
    permissionArns=[
        'string',
    ]
)

type name:

string

param name:

[REQUIRED]

The name of the resource share.

type resourceArns:

list

param resourceArns:

The Amazon Resource Names (ARN) of the resources to associate with the resource share.

• (string) --

type principals:

list

param principals:

The principals to associate with the resource share. The possible values are IDs of AWS accounts, the ARN of an OU or organization from AWS Organizations.

• (string) --

type tags:

list

param tags:

One or more tags.

• (dict) --

  Information about a tag.

  • key (string) --

    The key of the tag.

  • value (string) --

    The value of the tag.

type allowExternalPrincipals:

boolean

param allowExternalPrincipals:

Indicates whether principals outside your AWS organization can be associated with a resource share.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

type permissionArns:

list

param permissionArns:

The ARNs of the permissions to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'resourceShare': {
        'resourceShareArn': 'string',
        'name': 'string',
        'owningAccountId': 'string',
        'allowExternalPrincipals': True|False,
        'status': 'PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
        'statusMessage': 'string',
        'tags': [
            {
                'key': 'string',
                'value': 'string'
            },
        ],
        'creationTime': datetime(2015, 1, 1),
        'lastUpdatedTime': datetime(2015, 1, 1),
        'featureSet': 'CREATED_FROM_POLICY'|'PROMOTING_TO_STANDARD'|'STANDARD'
    },
    'clientToken': 'string'
}

Response Structure

• (dict) --

  • resourceShare (dict) --

    Information about the resource share.

    • resourceShareArn (string) --

      The Amazon Resource Name (ARN) of the resource share.

    • name (string) --

      The name of the resource share.

    • owningAccountId (string) --

      The ID of the AWS account that owns the resource share.

    • allowExternalPrincipals (boolean) --

      Indicates whether principals outside your AWS organization can be associated with a resource share.

    • status (string) --

      The status of the resource share.

    • statusMessage (string) --

      A message about the status of the resource share.

    • tags (list) --

      The tags for the resource share.

      • (dict) --

        Information about a tag.

        • key (string) --

          The key of the tag.

        • value (string) --

          The value of the tag.

    • creationTime (datetime) --

      The time when the resource share was created.

    • lastUpdatedTime (datetime) --

      The time when the resource share was last updated.

    • featureSet (string) --

      Indicates how the resource share was created. Possible values include:

      • CREATED_FROM_POLICY - Indicates that the resource share was created from an AWS Identity and Access Management (AWS IAM) policy attached to a resource. These resource shares are visible only to the AWS account that created it. They cannot be modified in AWS RAM.

      • PROMOTING_TO_STANDARD - The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.

      • STANDARD - Indicates that the resource share was created in AWS RAM using the console or APIs. These resource shares are visible to all principals. They can be modified in AWS RAM.

  • clientToken (string) --

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

{'resourceShares': {'featureSet': 'CREATED_FROM_POLICY | PROMOTING_TO_STANDARD '
                                  '| STANDARD'}}

Gets the resource shares that you own or the resource shares that are shared with you.

See also: AWS API Documentation

Request Syntax

client.get_resource_shares(
    resourceShareArns=[
        'string',
    ],
    resourceShareStatus='PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
    resourceOwner='SELF'|'OTHER-ACCOUNTS',
    name='string',
    tagFilters=[
        {
            'tagKey': 'string',
            'tagValues': [
                'string',
            ]
        },
    ],
    nextToken='string',
    maxResults=123
)

type resourceShareArns:

list

param resourceShareArns:

The Amazon Resource Names (ARN) of the resource shares.

• (string) --

type resourceShareStatus:

string

param resourceShareStatus:

The status of the resource share.

type resourceOwner:

string

param resourceOwner:

[REQUIRED]

The type of owner.

type name:

string

param name:

The name of the resource share.

type tagFilters:

list

param tagFilters:

One or more tag filters.

• (dict) --

  Used to filter information based on tags.

  • tagKey (string) --

    The tag key.

  • tagValues (list) --

    The tag values.

    • (string) --

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'resourceShares': [
        {
            'resourceShareArn': 'string',
            'name': 'string',
            'owningAccountId': 'string',
            'allowExternalPrincipals': True|False,
            'status': 'PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
            'statusMessage': 'string',
            'tags': [
                {
                    'key': 'string',
                    'value': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1),
            'featureSet': 'CREATED_FROM_POLICY'|'PROMOTING_TO_STANDARD'|'STANDARD'
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • resourceShares (list) --

    Information about the resource shares.

    • (dict) --

      Describes a resource share.

      • resourceShareArn (string) --

        The Amazon Resource Name (ARN) of the resource share.

      • name (string) --

        The name of the resource share.

      • owningAccountId (string) --

        The ID of the AWS account that owns the resource share.

      • allowExternalPrincipals (boolean) --

        Indicates whether principals outside your AWS organization can be associated with a resource share.

      • status (string) --

        The status of the resource share.

      • statusMessage (string) --

        A message about the status of the resource share.

      • tags (list) --

        The tags for the resource share.

        • (dict) --

          Information about a tag.

          • key (string) --

            The key of the tag.

          • value (string) --

            The value of the tag.

      • creationTime (datetime) --

        The time when the resource share was created.

      • lastUpdatedTime (datetime) --

        The time when the resource share was last updated.

      • featureSet (string) --

        Indicates how the resource share was created. Possible values include:

        • CREATED_FROM_POLICY - Indicates that the resource share was created from an AWS Identity and Access Management (AWS IAM) policy attached to a resource. These resource shares are visible only to the AWS account that created it. They cannot be modified in AWS RAM.

        • PROMOTING_TO_STANDARD - The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.

        • STANDARD - Indicates that the resource share was created in AWS RAM using the console or APIs. These resource shares are visible to all principals. They can be modified in AWS RAM.

  • nextToken (string) --

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

{'resources': {'resourceGroupArn': 'string'}}

Lists the resources in a resource share that is shared with you but that the invitation is still pending for.

See also: AWS API Documentation

Request Syntax

client.list_pending_invitation_resources(
    resourceShareInvitationArn='string',
    nextToken='string',
    maxResults=123
)

type resourceShareInvitationArn:

string

param resourceShareInvitationArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the invitation.

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'resources': [
        {
            'arn': 'string',
            'type': 'string',
            'resourceShareArn': 'string',
            'resourceGroupArn': 'string',
            'status': 'AVAILABLE'|'ZONAL_RESOURCE_INACCESSIBLE'|'LIMIT_EXCEEDED'|'UNAVAILABLE'|'PENDING',
            'statusMessage': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • resources (list) --

    Information about the resources included the resource share.

    • (dict) --

      Describes a resource associated with a resource share.

      • arn (string) --

        The Amazon Resource Name (ARN) of the resource.

      • type (string) --

        The resource type.

      • resourceShareArn (string) --

        The Amazon Resource Name (ARN) of the resource share.

      • resourceGroupArn (string) --

        The ARN of the resource group. This value is returned only if the resource is a resource group.

      • status (string) --

        The status of the resource.

      • statusMessage (string) --

        A message about the status of the resource.

      • creationTime (datetime) --

        The time when the resource was associated with the resource share.

      • lastUpdatedTime (datetime) --

        The time when the association was last updated.

  • nextToken (string) --

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

{'resources': {'resourceGroupArn': 'string'}}

Lists the resources that you added to a resource shares or the resources that are shared with you.

See also: AWS API Documentation

Request Syntax

client.list_resources(
    resourceOwner='SELF'|'OTHER-ACCOUNTS',
    principal='string',
    resourceType='string',
    resourceArns=[
        'string',
    ],
    resourceShareArns=[
        'string',
    ],
    nextToken='string',
    maxResults=123
)

type resourceOwner:

string

param resourceOwner:

[REQUIRED]

The type of owner.

type principal:

string

param principal:

The principal.

type resourceType:

string

param resourceType:

The resource type.

Valid values: ec2:CapacityReservation | ec2:Subnet | ec2:TrafficMirrorTarget | ec2:TransitGateway | license-manager:LicenseConfiguration | rds:Cluster | route53resolver:ResolverRule | resource-groups:Group

type resourceArns:

list

param resourceArns:

The Amazon Resource Names (ARN) of the resources.

• (string) --

type resourceShareArns:

list

param resourceShareArns:

The Amazon Resource Names (ARN) of the resource shares.

• (string) --

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'resources': [
        {
            'arn': 'string',
            'type': 'string',
            'resourceShareArn': 'string',
            'resourceGroupArn': 'string',
            'status': 'AVAILABLE'|'ZONAL_RESOURCE_INACCESSIBLE'|'LIMIT_EXCEEDED'|'UNAVAILABLE'|'PENDING',
            'statusMessage': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

• (dict) --

  • resources (list) --

    Information about the resources.

    • (dict) --

      Describes a resource associated with a resource share.

      • arn (string) --

        The Amazon Resource Name (ARN) of the resource.

      • type (string) --

        The resource type.

      • resourceShareArn (string) --

        The Amazon Resource Name (ARN) of the resource share.

      • resourceGroupArn (string) --

        The ARN of the resource group. This value is returned only if the resource is a resource group.

      • status (string) --

        The status of the resource.

      • statusMessage (string) --

        A message about the status of the resource.

      • creationTime (datetime) --

        The time when the resource was associated with the resource share.

      • lastUpdatedTime (datetime) --

        The time when the association was last updated.

  • nextToken (string) --

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

{'resourceShare': {'featureSet': 'CREATED_FROM_POLICY | PROMOTING_TO_STANDARD '
                                 '| STANDARD'}}

Updates the specified resource share that you own.

See also: AWS API Documentation

Request Syntax

client.update_resource_share(
    resourceShareArn='string',
    name='string',
    allowExternalPrincipals=True|False,
    clientToken='string'
)

type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource share.

type name:

string

param name:

The name of the resource share.

type allowExternalPrincipals:

boolean

param allowExternalPrincipals:

Indicates whether principals outside your AWS organization can be associated with a resource share.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

rtype:

dict

returns:

Response Syntax

{
    'resourceShare': {
        'resourceShareArn': 'string',
        'name': 'string',
        'owningAccountId': 'string',
        'allowExternalPrincipals': True|False,
        'status': 'PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
        'statusMessage': 'string',
        'tags': [
            {
                'key': 'string',
                'value': 'string'
            },
        ],
        'creationTime': datetime(2015, 1, 1),
        'lastUpdatedTime': datetime(2015, 1, 1),
        'featureSet': 'CREATED_FROM_POLICY'|'PROMOTING_TO_STANDARD'|'STANDARD'
    },
    'clientToken': 'string'
}

Response Structure

• (dict) --

  • resourceShare (dict) --

    Information about the resource share.

    • resourceShareArn (string) --

      The Amazon Resource Name (ARN) of the resource share.

    • name (string) --

      The name of the resource share.

    • owningAccountId (string) --

      The ID of the AWS account that owns the resource share.

    • allowExternalPrincipals (boolean) --

      Indicates whether principals outside your AWS organization can be associated with a resource share.

    • status (string) --

      The status of the resource share.

    • statusMessage (string) --

      A message about the status of the resource share.

    • tags (list) --

      The tags for the resource share.

      • (dict) --

        Information about a tag.

        • key (string) --

          The key of the tag.

        • value (string) --

          The value of the tag.

    • creationTime (datetime) --

      The time when the resource share was created.

    • lastUpdatedTime (datetime) --

      The time when the resource share was last updated.

    • featureSet (string) --

      Indicates how the resource share was created. Possible values include:

      • CREATED_FROM_POLICY - Indicates that the resource share was created from an AWS Identity and Access Management (AWS IAM) policy attached to a resource. These resource shares are visible only to the AWS account that created it. They cannot be modified in AWS RAM.

      • PROMOTING_TO_STANDARD - The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.

      • STANDARD - Indicates that the resource share was created in AWS RAM using the console or APIs. These resource shares are visible to all principals. They can be modified in AWS RAM.

  • clientToken (string) --

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.