UpdateCrossAccountAttachment
Update a cross-account attachment to add or remove principals or resources. When you update an attachment to remove a principal (account ID or accelerator) or a resource, AWS Global Accelerator revokes the permission for specific resources.
For more information, see Working with cross-account attachments and resources in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.
Request Syntax
{
"AddPrincipals": [ "string" ],
"AddResources": [
{
"Cidr": "string",
"EndpointId": "string",
"Region": "string"
}
],
"AttachmentArn": "string",
"Name": "string",
"RemovePrincipals": [ "string" ],
"RemoveResources": [
{
"Cidr": "string",
"EndpointId": "string",
"Region": "string"
}
]
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- AddPrincipals
-
The principals to add to the cross-account attachment. A principal is an account or the Amazon Resource Name (ARN) of an accelerator that the attachment gives permission to work with resources from another account. The resources are also listed in the attachment.
To add more than one principal, separate the account numbers or accelerator ARNs, or both, with commas.
Type: Array of strings
Length Constraints: Maximum length of 256.
Pattern:
(^\d{12}$|arn:.*)Required: No
- AddResources
-
The resources to add to the cross-account attachment. A resource listed in a cross-account attachment can be used with an accelerator by the principals that are listed in the attachment.
To add more than one resource, separate the resource ARNs with commas.
Type: Array of Resource objects
Required: No
- AttachmentArn
-
The Amazon Resource Name (ARN) of the cross-account attachment to update.
Type: String
Length Constraints: Maximum length of 255.
Required: Yes
- Name
-
The name of the cross-account attachment.
Type: String
Length Constraints: Maximum length of 64.
Pattern:
[\S\s]+Required: No
- RemovePrincipals
-
The principals to remove from the cross-account attachment. A principal is an account or the Amazon Resource Name (ARN) of an accelerator that the attachment gives permission to work with resources from another account. The resources are also listed in the attachment.
To remove more than one principal, separate the account numbers or accelerator ARNs, or both, with commas.
Type: Array of strings
Length Constraints: Maximum length of 256.
Pattern:
(^\d{12}$|arn:.*)Required: No
- RemoveResources
-
The resources to remove from the cross-account attachment. A resource listed in a cross-account attachment can be used with an accelerator by the principals that are listed in the attachment.
To remove more than one resource, separate the resource ARNs with commas.
Type: Array of Resource objects
Required: No
Response Syntax
{
"CrossAccountAttachment": {
"AttachmentArn": "string",
"CreatedTime": number,
"LastModifiedTime": number,
"Name": "string",
"Principals": [ "string" ],
"Resources": [
{
"Cidr": "string",
"EndpointId": "string",
"Region": "string"
}
]
}
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- CrossAccountAttachment
-
Information about the updated cross-account attachment.
Type: Attachment object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You don't have access permission.
HTTP Status Code: 400
- AttachmentNotFoundException
-
No cross-account attachment was found.
HTTP Status Code: 400
- InternalServiceErrorException
-
There was an internal error for AWS Global Accelerator.
HTTP Status Code: 400
- InvalidArgumentException
-
An argument that you specified is invalid.
HTTP Status Code: 400
- LimitExceededException
-
Processing your request would cause you to exceed an AWS Global Accelerator limit.
HTTP Status Code: 400
- TransactionInProgressException
-
There's already a transaction in progress. Another transaction can't be processed.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
