PutFileSystemPolicy - Amazon Elastic File System
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

PutFileSystemPolicy

Applies an Amazon EFS FileSystemPolicy to an Amazon EFS file system. A file system policy is an IAM resource-based policy and can contain multiple policy statements. A file system always has exactly one file system policy, which can be the default policy or an explicit policy set or updated using this API operation. When an explicit policy is set, it overrides the default policy. For more information about the default file system policy, see Default EFS File System Policy.

This operation requires permissions for the elasticfilesystem:PutFileSystemPolicy action.

Request Syntax

PUT /2015-02-01/file-systems/FileSystemId/policy HTTP/1.1 Content-type: application/json { "BypassPolicyLockoutSafetyCheck": boolean, "Policy": "string" }

URI Request Parameters

The request uses the following URI parameters.

FileSystemId

The ID of the EFS file system that you want to create or update the FileSystemPolicy for.

Required: Yes

Request Body

The request accepts the following data in JSON format.

BypassPolicyLockoutSafetyCheck

(Optional) A flag to indicate whether to bypass the FileSystemPolicy lockout safety check. The policy lockout safety check determines whether the policy in the request will prevent the principal making the request will be locked out from making future PutFileSystemPolicy requests on the file system. Set BypassPolicyLockoutSafetyCheck to True only when you intend to prevent the principal that is making the request from making a subsequent PutFileSystemPolicy request on the file system. The default value is False.

Type: Boolean

Required: No

Policy

The FileSystemPolicy that you're creating. Accepts a JSON formatted policy definition. To find out more about the elements that make up a file system policy, see EFS Resource-based Policies.

Type: String

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "FileSystemId": "string", "Policy": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

FileSystemId

Specifies the EFS file system to which the FileSystemPolicy applies.

Type: String

Policy

The JSON formatted FileSystemPolicy for the EFS file system.

Type: String

Errors

FileSystemNotFound

Returned if the specified FileSystemId value doesn't exist in the requester's AWS account.

HTTP Status Code: 404

IncorrectFileSystemLifeCycleState

Returned if the file system's lifecycle state is not "available".

HTTP Status Code: 409

InternalServerError

Returned if an error occurred on the server side.

HTTP Status Code: 500

InvalidPolicyException

Returned if the FileSystemPolicy is is malformed or contains an error such as an invalid parameter value or a missing required parameter. Returned in the case of a policy lockout safety check error.

HTTP Status Code: 400

Example

Create an EFS FileSystemPolicy

The following request creates a FileSystemPolicy that allows all AWS principals to mount the specified EFS file system with read and write permissions.

Sample Request

PUT /2015-02-01/file-systems/fs-01234567/file-system-policy HTTP/1.1 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite" ], "Principal": { "AWS": ["*"] }, } ] }

Sample Response

{ "Version": "2012-10-17", "Id": "1", "Statement": [ { "Sid": "efs-statement-abcdef01-1111-bbbb-2222-111122224444", "Effect": "Allow", "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite" ], "Principal": { "AWS": ["*"] }, "Resource":"arn:aws:elasticfilesystem:us-east-1:0123456789abc:file-system/fs-01234567" } ] }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: