AWS Resource Access Manager

2021/06/10 - AWS Resource Access Manager - 8 updated api methods

Changes  AWS Resource Access Manager (RAM) is releasing new field isResourceTypeDefault in ListPermissions and GetPermission response, and adding permissionArn parameter to GetResourceShare request to filter by permission attached

AcceptResourceShareInvitation (updated) Link ¶
Changes (response) 
{'resourceShareInvitation': {'receiverArn': 'string'}}

Accepts an invitation to a resource share from another AWS account.

See also: AWS API Documentation

Request Syntax

client.accept_resource_share_invitation(
    resourceShareInvitationArn='string',
    clientToken='string'
)
type resourceShareInvitationArn:

string

param resourceShareInvitationArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the invitation.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

rtype:

dict

returns:

Response Syntax

{
    'resourceShareInvitation': {
        'resourceShareInvitationArn': 'string',
        'resourceShareName': 'string',
        'resourceShareArn': 'string',
        'senderAccountId': 'string',
        'receiverAccountId': 'string',
        'invitationTimestamp': datetime(2015, 1, 1),
        'status': 'PENDING'|'ACCEPTED'|'REJECTED'|'EXPIRED',
        'resourceShareAssociations': [
            {
                'resourceShareArn': 'string',
                'resourceShareName': 'string',
                'associatedEntity': 'string',
                'associationType': 'PRINCIPAL'|'RESOURCE',
                'status': 'ASSOCIATING'|'ASSOCIATED'|'FAILED'|'DISASSOCIATING'|'DISASSOCIATED',
                'statusMessage': 'string',
                'creationTime': datetime(2015, 1, 1),
                'lastUpdatedTime': datetime(2015, 1, 1),
                'external': True|False
            },
        ],
        'receiverArn': 'string'
    },
    'clientToken': 'string'
}

Response Structure

  • (dict) --

    • resourceShareInvitation (dict) --

      Information about the invitation.

      • resourceShareInvitationArn (string) --

        The Amazon Resource Name (ARN) of the invitation.

      • resourceShareName (string) --

        The name of the resource share.

      • resourceShareArn (string) --

        The Amazon Resource Name (ARN) of the resource share.

      • senderAccountId (string) --

        The ID of the AWS account that sent the invitation.

      • receiverAccountId (string) --

        The ID of the AWS account that received the invitation.

      • invitationTimestamp (datetime) --

        The date and time when the invitation was sent.

      • status (string) --

        The status of the invitation.

      • resourceShareAssociations (list) --

        To view the resources associated with a pending resource share invitation, use ListPendingInvitationResources.

        • (dict) --

          Describes an association with a resource share.

          • resourceShareArn (string) --

            The Amazon Resource Name (ARN) of the resource share.

          • resourceShareName (string) --

            The name of the resource share.

          • associatedEntity (string) --

            The associated entity. For resource associations, this is the ARN of the resource. For principal associations, this is the ID of an AWS account or the ARN of an OU or organization from AWS Organizations.

          • associationType (string) --

            The association type.

          • status (string) --

            The status of the association.

          • statusMessage (string) --

            A message about the status of the association.

          • creationTime (datetime) --

            The time when the association was created.

          • lastUpdatedTime (datetime) --

            The time when the association was last updated.

          • external (boolean) --

            Indicates whether the principal belongs to the same AWS organization as the AWS account that owns the resource share.

      • receiverArn (string) --

        The Amazon Resource Name (ARN) of the IAM user or IAM role that received the invitation.

    • clientToken (string) --

      A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

AssociateResourceSharePermission (updated) Link ¶
Changes (request) 
{'permissionVersion': 'integer'}

Associates a permission with a resource share.

See also: AWS API Documentation

Request Syntax

client.associate_resource_share_permission(
    resourceShareArn='string',
    permissionArn='string',
    replace=True|False,
    clientToken='string',
    permissionVersion=123
)
type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource share.

type permissionArn:

string

param permissionArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the AWS RAM permissions to associate with the resource share.

type replace:

boolean

param replace:

Indicates whether the permission should replace the permissions that are currently associated with the resource share. Use true to replace the current permissions. Use false to add the permission to the current permission.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

type permissionVersion:

integer

param permissionVersion:

The version of the AWS RAM permissions to associate with the resource share.

rtype:

dict

returns:

Response Syntax

{
    'returnValue': True|False,
    'clientToken': 'string'
}

Response Structure

  • (dict) --

    • returnValue (boolean) --

      Indicates whether the request succeeded.

    • clientToken (string) --

      A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

GetPermission (updated) Link ¶
Changes (response) 
{'permission': {'isResourceTypeDefault': 'boolean'}}

Gets the contents of an AWS RAM permission in JSON format.

See also: AWS API Documentation

Request Syntax

client.get_permission(
    permissionArn='string',
    permissionVersion=123
)
type permissionArn:

string

param permissionArn:

[REQUIRED]

The ARN of the permission.

type permissionVersion:

integer

param permissionVersion:

The identifier for the version of the permission.

rtype:

dict

returns:

Response Syntax

{
    'permission': {
        'arn': 'string',
        'version': 'string',
        'defaultVersion': True|False,
        'name': 'string',
        'resourceType': 'string',
        'permission': 'string',
        'creationTime': datetime(2015, 1, 1),
        'lastUpdatedTime': datetime(2015, 1, 1),
        'isResourceTypeDefault': True|False
    }
}

Response Structure

  • (dict) --

    • permission (dict) --

      Information about the permission.

      • arn (string) --

        The ARN of the permission.

      • version (string) --

        The identifier for the version of the permission.

      • defaultVersion (boolean) --

        Specifies whether the version of the permission is set to the default version for this permission.

      • name (string) --

        The name of the permission.

      • resourceType (string) --

        The resource type to which the permission applies.

      • permission (string) --

        The permission's effect and actions in JSON format. The effect indicates whether the actions are allowed or denied. The actions list the API actions to which the principal is granted or denied access.

      • creationTime (datetime) --

        The date and time when the permission was created.

      • lastUpdatedTime (datetime) --

        The date and time when the permission was last updated.

      • isResourceTypeDefault (boolean) --

        Specifies whether the version of the permission is set to the default version for this resource type.

GetResourceShareInvitations (updated) Link ¶
Changes (response) 
{'resourceShareInvitations': {'receiverArn': 'string'}}

Gets the invitations that you have received for resource shares.

See also: AWS API Documentation

Request Syntax

client.get_resource_share_invitations(
    resourceShareInvitationArns=[
        'string',
    ],
    resourceShareArns=[
        'string',
    ],
    nextToken='string',
    maxResults=123
)
type resourceShareInvitationArns:

list

param resourceShareInvitationArns:

The Amazon Resource Names (ARN) of the invitations.

  • (string) --

type resourceShareArns:

list

param resourceShareArns:

The Amazon Resource Names (ARN) of the resource shares.

  • (string) --

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'resourceShareInvitations': [
        {
            'resourceShareInvitationArn': 'string',
            'resourceShareName': 'string',
            'resourceShareArn': 'string',
            'senderAccountId': 'string',
            'receiverAccountId': 'string',
            'invitationTimestamp': datetime(2015, 1, 1),
            'status': 'PENDING'|'ACCEPTED'|'REJECTED'|'EXPIRED',
            'resourceShareAssociations': [
                {
                    'resourceShareArn': 'string',
                    'resourceShareName': 'string',
                    'associatedEntity': 'string',
                    'associationType': 'PRINCIPAL'|'RESOURCE',
                    'status': 'ASSOCIATING'|'ASSOCIATED'|'FAILED'|'DISASSOCIATING'|'DISASSOCIATED',
                    'statusMessage': 'string',
                    'creationTime': datetime(2015, 1, 1),
                    'lastUpdatedTime': datetime(2015, 1, 1),
                    'external': True|False
                },
            ],
            'receiverArn': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • resourceShareInvitations (list) --

      Information about the invitations.

      • (dict) --

        Describes an invitation to join a resource share.

        • resourceShareInvitationArn (string) --

          The Amazon Resource Name (ARN) of the invitation.

        • resourceShareName (string) --

          The name of the resource share.

        • resourceShareArn (string) --

          The Amazon Resource Name (ARN) of the resource share.

        • senderAccountId (string) --

          The ID of the AWS account that sent the invitation.

        • receiverAccountId (string) --

          The ID of the AWS account that received the invitation.

        • invitationTimestamp (datetime) --

          The date and time when the invitation was sent.

        • status (string) --

          The status of the invitation.

        • resourceShareAssociations (list) --

          To view the resources associated with a pending resource share invitation, use ListPendingInvitationResources.

          • (dict) --

            Describes an association with a resource share.

            • resourceShareArn (string) --

              The Amazon Resource Name (ARN) of the resource share.

            • resourceShareName (string) --

              The name of the resource share.

            • associatedEntity (string) --

              The associated entity. For resource associations, this is the ARN of the resource. For principal associations, this is the ID of an AWS account or the ARN of an OU or organization from AWS Organizations.

            • associationType (string) --

              The association type.

            • status (string) --

              The status of the association.

            • statusMessage (string) --

              A message about the status of the association.

            • creationTime (datetime) --

              The time when the association was created.

            • lastUpdatedTime (datetime) --

              The time when the association was last updated.

            • external (boolean) --

              Indicates whether the principal belongs to the same AWS organization as the AWS account that owns the resource share.

        • receiverArn (string) --

          The Amazon Resource Name (ARN) of the IAM user or IAM role that received the invitation.

    • nextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

GetResourceShares (updated) Link ¶
Changes (request) 
{'permissionArn': 'string'}

Gets the resource shares that you own or the resource shares that are shared with you.

See also: AWS API Documentation

Request Syntax

client.get_resource_shares(
    resourceShareArns=[
        'string',
    ],
    resourceShareStatus='PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
    resourceOwner='SELF'|'OTHER-ACCOUNTS',
    name='string',
    tagFilters=[
        {
            'tagKey': 'string',
            'tagValues': [
                'string',
            ]
        },
    ],
    nextToken='string',
    maxResults=123,
    permissionArn='string'
)
type resourceShareArns:

list

param resourceShareArns:

The ARNs of the resource shares.

  • (string) --

type resourceShareStatus:

string

param resourceShareStatus:

The status of the resource share.

type resourceOwner:

string

param resourceOwner:

[REQUIRED]

The type of owner.

type name:

string

param name:

The name of the resource share.

type tagFilters:

list

param tagFilters:

One or more tag filters.

  • (dict) --

    Used to filter information based on tags.

    • tagKey (string) --

      The tag key.

    • tagValues (list) --

      The tag values.

      • (string) --

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

type permissionArn:

string

param permissionArn:

The Amazon Resource Name (ARN) of the AWS RAM permission that is associated with the resource share.

rtype:

dict

returns:

Response Syntax

{
    'resourceShares': [
        {
            'resourceShareArn': 'string',
            'name': 'string',
            'owningAccountId': 'string',
            'allowExternalPrincipals': True|False,
            'status': 'PENDING'|'ACTIVE'|'FAILED'|'DELETING'|'DELETED',
            'statusMessage': 'string',
            'tags': [
                {
                    'key': 'string',
                    'value': 'string'
                },
            ],
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1),
            'featureSet': 'CREATED_FROM_POLICY'|'PROMOTING_TO_STANDARD'|'STANDARD'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • resourceShares (list) --

      Information about the resource shares.

      • (dict) --

        Describes a resource share.

        • resourceShareArn (string) --

          The Amazon Resource Name (ARN) of the resource share.

        • name (string) --

          The name of the resource share.

        • owningAccountId (string) --

          The ID of the AWS account that owns the resource share.

        • allowExternalPrincipals (boolean) --

          Indicates whether principals outside your AWS organization can be associated with a resource share.

        • status (string) --

          The status of the resource share.

        • statusMessage (string) --

          A message about the status of the resource share.

        • tags (list) --

          The tags for the resource share.

          • (dict) --

            Information about a tag.

            • key (string) --

              The key of the tag.

            • value (string) --

              The value of the tag.

        • creationTime (datetime) --

          The time when the resource share was created.

        • lastUpdatedTime (datetime) --

          The time when the resource share was last updated.

        • featureSet (string) --

          Indicates how the resource share was created. Possible values include:

          • CREATED_FROM_POLICY - Indicates that the resource share was created from an AWS Identity and Access Management (AWS IAM) policy attached to a resource. These resource shares are visible only to the AWS account that created it. They cannot be modified in AWS RAM.

          • PROMOTING_TO_STANDARD - The resource share is in the process of being promoted. For more information, see PromoteResourceShareCreatedFromPolicy.

          • STANDARD - Indicates that the resource share was created in AWS RAM using the console or APIs. These resource shares are visible to all principals. They can be modified in AWS RAM.

    • nextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

ListPermissions (updated) Link ¶
Changes (response) 
{'permissions': {'isResourceTypeDefault': 'boolean'}}

Lists the AWS RAM permissions.

See also: AWS API Documentation

Request Syntax

client.list_permissions(
    resourceType='string',
    nextToken='string',
    maxResults=123
)
type resourceType:

string

param resourceType:

Specifies the resource type for which to list permissions. For example, to list only permissions that apply to EC2 subnets, specify ec2:Subnet.

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'permissions': [
        {
            'arn': 'string',
            'version': 'string',
            'defaultVersion': True|False,
            'name': 'string',
            'resourceType': 'string',
            'status': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1),
            'isResourceTypeDefault': True|False
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • permissions (list) --

      Information about the permissions.

      • (dict) --

        Information about a permission that is associated with a resource share.

        • arn (string) --

          The ARN of the permission.

        • version (string) --

          The identifier for the version of the permission.

        • defaultVersion (boolean) --

          Specifies whether the version of the permission is set to the default version for this permission.

        • name (string) --

          The name of the permission.

        • resourceType (string) --

          The type of resource to which the permission applies.

        • status (string) --

          The current status of the permission.

        • creationTime (datetime) --

          The date and time when the permission was created.

        • lastUpdatedTime (datetime) --

          The date and time when the permission was last updated.

        • isResourceTypeDefault (boolean) --

          Specifies whether the version of the permission is set to the default version for this resource type.

    • nextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

ListResourceSharePermissions (updated) Link ¶
Changes (response) 
{'permissions': {'isResourceTypeDefault': 'boolean'}}

Lists the AWS RAM permissions that are associated with a resource share.

See also: AWS API Documentation

Request Syntax

client.list_resource_share_permissions(
    resourceShareArn='string',
    nextToken='string',
    maxResults=123
)
type resourceShareArn:

string

param resourceShareArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the resource share.

type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

rtype:

dict

returns:

Response Syntax

{
    'permissions': [
        {
            'arn': 'string',
            'version': 'string',
            'defaultVersion': True|False,
            'name': 'string',
            'resourceType': 'string',
            'status': 'string',
            'creationTime': datetime(2015, 1, 1),
            'lastUpdatedTime': datetime(2015, 1, 1),
            'isResourceTypeDefault': True|False
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • permissions (list) --

      The permissions associated with the resource share.

      • (dict) --

        Information about a permission that is associated with a resource share.

        • arn (string) --

          The ARN of the permission.

        • version (string) --

          The identifier for the version of the permission.

        • defaultVersion (boolean) --

          Specifies whether the version of the permission is set to the default version for this permission.

        • name (string) --

          The name of the permission.

        • resourceType (string) --

          The type of resource to which the permission applies.

        • status (string) --

          The current status of the permission.

        • creationTime (datetime) --

          The date and time when the permission was created.

        • lastUpdatedTime (datetime) --

          The date and time when the permission was last updated.

        • isResourceTypeDefault (boolean) --

          Specifies whether the version of the permission is set to the default version for this resource type.

    • nextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

RejectResourceShareInvitation (updated) Link ¶
Changes (response) 
{'resourceShareInvitation': {'receiverArn': 'string'}}

Rejects an invitation to a resource share from another AWS account.

See also: AWS API Documentation

Request Syntax

client.reject_resource_share_invitation(
    resourceShareInvitationArn='string',
    clientToken='string'
)
type resourceShareInvitationArn:

string

param resourceShareInvitationArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the invitation.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

rtype:

dict

returns:

Response Syntax

{
    'resourceShareInvitation': {
        'resourceShareInvitationArn': 'string',
        'resourceShareName': 'string',
        'resourceShareArn': 'string',
        'senderAccountId': 'string',
        'receiverAccountId': 'string',
        'invitationTimestamp': datetime(2015, 1, 1),
        'status': 'PENDING'|'ACCEPTED'|'REJECTED'|'EXPIRED',
        'resourceShareAssociations': [
            {
                'resourceShareArn': 'string',
                'resourceShareName': 'string',
                'associatedEntity': 'string',
                'associationType': 'PRINCIPAL'|'RESOURCE',
                'status': 'ASSOCIATING'|'ASSOCIATED'|'FAILED'|'DISASSOCIATING'|'DISASSOCIATED',
                'statusMessage': 'string',
                'creationTime': datetime(2015, 1, 1),
                'lastUpdatedTime': datetime(2015, 1, 1),
                'external': True|False
            },
        ],
        'receiverArn': 'string'
    },
    'clientToken': 'string'
}

Response Structure

  • (dict) --

    • resourceShareInvitation (dict) --

      Information about the invitation.

      • resourceShareInvitationArn (string) --

        The Amazon Resource Name (ARN) of the invitation.

      • resourceShareName (string) --

        The name of the resource share.

      • resourceShareArn (string) --

        The Amazon Resource Name (ARN) of the resource share.

      • senderAccountId (string) --

        The ID of the AWS account that sent the invitation.

      • receiverAccountId (string) --

        The ID of the AWS account that received the invitation.

      • invitationTimestamp (datetime) --

        The date and time when the invitation was sent.

      • status (string) --

        The status of the invitation.

      • resourceShareAssociations (list) --

        To view the resources associated with a pending resource share invitation, use ListPendingInvitationResources.

        • (dict) --

          Describes an association with a resource share.

          • resourceShareArn (string) --

            The Amazon Resource Name (ARN) of the resource share.

          • resourceShareName (string) --

            The name of the resource share.

          • associatedEntity (string) --

            The associated entity. For resource associations, this is the ARN of the resource. For principal associations, this is the ID of an AWS account or the ARN of an OU or organization from AWS Organizations.

          • associationType (string) --

            The association type.

          • status (string) --

            The status of the association.

          • statusMessage (string) --

            A message about the status of the association.

          • creationTime (datetime) --

            The time when the association was created.

          • lastUpdatedTime (datetime) --

            The time when the association was last updated.

          • external (boolean) --

            Indicates whether the principal belongs to the same AWS organization as the AWS account that owns the resource share.

      • receiverArn (string) --

        The Amazon Resource Name (ARN) of the IAM user or IAM role that received the invitation.

    • clientToken (string) --

      A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.