2024/10/18 - Amazon DataZone - 5 updated api methods
Changes Adding the following project member designations: PROJECT_CATALOG_VIEWER, PROJECT_CATALOG_CONSUMER and PROJECT_CATALOG_STEWARD in the CreateProjectMembership API and PROJECT_CATALOG_STEWARD designation in the AddPolicyGrant API.
{'principal': {'project': {'projectDesignation': {'PROJECT_CATALOG_STEWARD'}}}}
Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.
See also: AWS API Documentation
Request Syntax
client.add_policy_grant(
clientToken='string',
detail={
'addToProjectMemberPool': {
'includeChildDomainUnits': True|False
},
'createAssetType': {
'includeChildDomainUnits': True|False
},
'createDomainUnit': {
'includeChildDomainUnits': True|False
},
'createEnvironment': {}
,
'createEnvironmentProfile': {
'domainUnitId': 'string'
},
'createFormType': {
'includeChildDomainUnits': True|False
},
'createGlossary': {
'includeChildDomainUnits': True|False
},
'createProject': {
'includeChildDomainUnits': True|False
},
'delegateCreateEnvironmentProfile': {}
,
'overrideDomainUnitOwners': {
'includeChildDomainUnits': True|False
},
'overrideProjectOwners': {
'includeChildDomainUnits': True|False
}
},
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
principal={
'domainUnit': {
'domainUnitDesignation': 'OWNER',
'domainUnitGrantFilter': {
'allDomainUnitsGrantFilter': {}
},
'domainUnitIdentifier': 'string'
},
'group': {
'groupIdentifier': 'string'
},
'project': {
'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
'projectGrantFilter': {
'domainUnitFilter': {
'domainUnit': 'string',
'includeChildDomainUnits': True|False
}
},
'projectIdentifier': 'string'
},
'user': {
'allUsersGrantFilter': {}
,
'userIdentifier': 'string'
}
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
dict
[REQUIRED]
The details of the policy grant.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners.
addToProjectMemberPool (dict) --
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) --
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) --
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) --
Specifies that this is a create environment policy.
createEnvironmentProfile (dict) --
Specifies that this is a create environment profile policy.
domainUnitId (string) --
The ID of the domain unit.
createFormType (dict) --
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) --
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProject (dict) --
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
delegateCreateEnvironmentProfile (dict) --
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) --
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) --
Specifies whether to override project owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
string
[REQUIRED]
The ID of the domain where you want to add a policy grant.
string
[REQUIRED]
The ID of the entity (resource) to which you want to add a policy grant.
string
[REQUIRED]
The type of entity (resource) to which the grant is added.
string
[REQUIRED]
The type of policy that you want to grant.
dict
[REQUIRED]
The principal to whom the permissions are granted.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) -- [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) -- [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) -- [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
dict
Response Syntax
{}
Response Structure
(dict) --
{'designation': {'PROJECT_CATALOG_CONSUMER',
'PROJECT_CATALOG_STEWARD',
'PROJECT_CATALOG_VIEWER'}}
Creates a project membership in Amazon DataZone.
See also: AWS API Documentation
Request Syntax
client.create_project_membership(
designation='PROJECT_OWNER'|'PROJECT_CONTRIBUTOR'|'PROJECT_CATALOG_VIEWER'|'PROJECT_CATALOG_CONSUMER'|'PROJECT_CATALOG_STEWARD',
domainIdentifier='string',
member={
'groupIdentifier': 'string',
'userIdentifier': 'string'
},
projectIdentifier='string'
)
string
[REQUIRED]
The designation of the project membership.
string
[REQUIRED]
The ID of the Amazon DataZone domain in which project membership is created.
dict
[REQUIRED]
The project member whose project membership was created.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier, userIdentifier.
groupIdentifier (string) --
The ID of the group of a project member.
userIdentifier (string) --
The user ID of a project member.
string
[REQUIRED]
The ID of the project for which this project membership was created.
dict
Response Syntax
{}
Response Structure
(dict) --
{'grantList': {'principal': {'project': {'projectDesignation': {'PROJECT_CATALOG_STEWARD'}}}}}
Lists policy grants.
See also: AWS API Documentation
Request Syntax
client.list_policy_grants(
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
maxResults=123,
nextToken='string',
policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'
)
string
[REQUIRED]
The ID of the domain where you want to list policy grants.
string
[REQUIRED]
The ID of the entity for which you want to list policy grants.
string
[REQUIRED]
The type of entity for which you want to list policy grants.
integer
The maximum number of grants to return in a single call to ListPolicyGrants . When the number of grants to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.
string
When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.
string
[REQUIRED]
The type of policy that you want to list.
dict
Response Syntax
{
'grantList': [
{
'createdAt': datetime(2015, 1, 1),
'createdBy': 'string',
'detail': {
'addToProjectMemberPool': {
'includeChildDomainUnits': True|False
},
'createAssetType': {
'includeChildDomainUnits': True|False
},
'createDomainUnit': {
'includeChildDomainUnits': True|False
},
'createEnvironment': {},
'createEnvironmentProfile': {
'domainUnitId': 'string'
},
'createFormType': {
'includeChildDomainUnits': True|False
},
'createGlossary': {
'includeChildDomainUnits': True|False
},
'createProject': {
'includeChildDomainUnits': True|False
},
'delegateCreateEnvironmentProfile': {},
'overrideDomainUnitOwners': {
'includeChildDomainUnits': True|False
},
'overrideProjectOwners': {
'includeChildDomainUnits': True|False
}
},
'principal': {
'domainUnit': {
'domainUnitDesignation': 'OWNER',
'domainUnitGrantFilter': {
'allDomainUnitsGrantFilter': {}
},
'domainUnitIdentifier': 'string'
},
'group': {
'groupIdentifier': 'string'
},
'project': {
'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
'projectGrantFilter': {
'domainUnitFilter': {
'domainUnit': 'string',
'includeChildDomainUnits': True|False
}
},
'projectIdentifier': 'string'
},
'user': {
'allUsersGrantFilter': {},
'userIdentifier': 'string'
}
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
grantList (list) --
The results of this action - the listed grants.
(dict) --
A member of the policy grant list.
createdAt (datetime) --
Specifies the timestamp at which policy grant member was created.
createdBy (string) --
Specifies the user who created the policy grant member.
detail (dict) --
The details of the policy grant member.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
addToProjectMemberPool (dict) --
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) --
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) --
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) --
Specifies that this is a create environment policy.
createEnvironmentProfile (dict) --
Specifies that this is a create environment profile policy.
domainUnitId (string) --
The ID of the domain unit.
createFormType (dict) --
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) --
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProject (dict) --
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
delegateCreateEnvironmentProfile (dict) --
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) --
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) --
Specifies whether to override project owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
principal (dict) --
The principal of the policy grant member.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnit, group, project, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) --
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: allDomainUnitsGrantFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: groupIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) --
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnitFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) --
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: allUsersGrantFilter, userIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
nextToken (string) --
When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.
{'members': {'designation': {'PROJECT_CATALOG_CONSUMER',
'PROJECT_CATALOG_STEWARD',
'PROJECT_CATALOG_VIEWER'}}}
Lists all members of the specified project.
See also: AWS API Documentation
Request Syntax
client.list_project_memberships(
domainIdentifier='string',
maxResults=123,
nextToken='string',
projectIdentifier='string',
sortBy='NAME',
sortOrder='ASCENDING'|'DESCENDING'
)
string
[REQUIRED]
The identifier of the Amazon DataZone domain in which you want to list project memberships.
integer
The maximum number of memberships to return in a single call to ListProjectMemberships . When the number of memberships to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListProjectMemberships to list the next set of memberships.
string
When the number of memberships is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of memberships, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListProjectMemberships to list the next set of memberships.
string
[REQUIRED]
The identifier of the project whose memberships you want to list.
string
The method by which you want to sort the project memberships.
string
The sort order of the project memberships.
dict
Response Syntax
{
'members': [
{
'designation': 'PROJECT_OWNER'|'PROJECT_CONTRIBUTOR'|'PROJECT_CATALOG_VIEWER'|'PROJECT_CATALOG_CONSUMER'|'PROJECT_CATALOG_STEWARD',
'memberDetails': {
'group': {
'groupId': 'string'
},
'user': {
'userId': 'string'
}
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
members (list) --
The members of the project.
(dict) --
The details of a project member.
designation (string) --
The designated role of a project member.
memberDetails (dict) --
The membership details of a project member.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set: group, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
group (dict) --
The group details of a project member.
groupId (string) --
The identifier of the group in Amazon DataZone.
user (dict) --
The user details of a project member.
userId (string) --
The identifier of the Amazon DataZone user.
nextToken (string) --
When the number of memberships is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of memberships, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListProjectMemberships to list the next set of memberships.
{'principal': {'project': {'projectDesignation': {'PROJECT_CATALOG_STEWARD'}}}}
Removes a policy grant.
See also: AWS API Documentation
Request Syntax
client.remove_policy_grant(
clientToken='string',
domainIdentifier='string',
entityIdentifier='string',
entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
principal={
'domainUnit': {
'domainUnitDesignation': 'OWNER',
'domainUnitGrantFilter': {
'allDomainUnitsGrantFilter': {}
},
'domainUnitIdentifier': 'string'
},
'group': {
'groupIdentifier': 'string'
},
'project': {
'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
'projectGrantFilter': {
'domainUnitFilter': {
'domainUnit': 'string',
'includeChildDomainUnits': True|False
}
},
'projectIdentifier': 'string'
},
'user': {
'allUsersGrantFilter': {}
,
'userIdentifier': 'string'
}
}
)
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the domain where you want to remove a policy grant.
string
[REQUIRED]
The ID of the entity from which you want to remove a policy grant.
string
[REQUIRED]
The type of the entity from which you want to remove a policy grant.
string
[REQUIRED]
The type of the policy that you want to remove.
dict
[REQUIRED]
The principal from which you want to remove a policy grant.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) -- [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) -- [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) -- [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
dict
Response Syntax
{}
Response Structure
(dict) --