This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
AWS::APS::ResourcePolicy
Use resource-based policies to grant permissions to other Amazon accounts or services to access your workspace.
Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see Prometheus-compatible APIs in the Amazon Managed Service for Prometheus User Guide.
If your workspace uses customer-managed Amazon KMS keys for encryption, you must grant the principals in your resource-based policy access to those Amazon KMS keys. You can do this by creating Amazon KMS grants. For more information, see CreateGrant in the Amazon KMS API Reference and Encryption at rest in the Amazon Managed Service for Prometheus User Guide.
For more information about working with IAM, see Using Amazon Managed Service for Prometheus with IAM in the Amazon Managed Service for Prometheus User Guide.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::APS::ResourcePolicy", "Properties" : { "PolicyDocument" :String, "WorkspaceArn" :String} }
YAML
Type: AWS::APS::ResourcePolicy Properties: PolicyDocument:StringWorkspaceArn:String
Properties
PolicyDocument-
The JSON to use as the Resource-based Policy.
Required: Yes
Type: String
Update requires: No interruption
WorkspaceArn-
An ARN identifying a Workspace.
Required: Yes
Type: String
Pattern:
^arn:(aws|aws-us-gov|aws-cn):aps:[a-z0-9-]+:[0-9]+:workspace/[a-zA-Z0-9-]+$Update requires: Replacement