ModifyDocumentPermission - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Shares a Amazon Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

Request Syntax

{ "AccountIdsToAdd": [ "string" ], "AccountIdsToRemove": [ "string" ], "Name": "string", "PermissionType": "string", "SharedDocumentVersion": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

Required: No


The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than AccountIdsToAdd. If you specify an ID to add and the same ID to remove, the system removes access to the document.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

Required: No


The name of the document that you want to share.

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Required: Yes


The permission type for the document. The permission type can be Share.

Type: String

Valid Values: Share

Required: Yes


(Optional) The version of the document to share. If it isn't specified, the system choose the Default version to share.

Type: String

Length Constraints: Maximum length of 8.

Pattern: ([$]LATEST|[$]DEFAULT|[$]ALL)

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


You can have at most 500 active SSM documents.

HTTP Status Code: 400


The document can't be shared with more Amazon Web Services accounts. You can specify a maximum of 20 accounts per API operation to share a private document.

By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.

If you need to increase the quota for privately or publicly shared Systems Manager documents, contact Amazon Support.

HTTP Status Code: 400


An error occurred on the server side.

HTTP Status Code: 500


The specified SSM document doesn't exist.

HTTP Status Code: 400


The permission type isn't supported. Share is the only supported permission type.

HTTP Status Code: 400



This example illustrates one usage of ModifyDocumentPermission.

Sample Request

POST / HTTP/1.1 Host: Accept-Encoding: identity X-Amz-Target: AmazonSSM.ModifyDocumentPermission Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12 X-Amz-Date: 20200325T152441Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200325/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 78 { "Name": "Example", "PermissionType": "Share", "AccountIdsToAdd": [ "444455556666" ] }

Sample Response


See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: