ModifyDocumentPermission - Amazon Systems Manager

ModifyDocumentPermission

Shares an Amazon Systems Manager document (SSM document) publicly or privately. If you share a document privately, you must specify the Amazon Web Services user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

Request Syntax

{
   "AccountIdsToAdd": [ "string" ],
   "AccountIdsToRemove": [ "string" ],
   "Name": "string",
   "PermissionType": "string",
   "SharedDocumentVersion": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AccountIdsToAdd

The Amazon Web Services user accounts that should have access to the document. The value can be either a group of account IDs or All.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

Required: No

AccountIdsToRemove

The Amazon Web Services user accounts that should no longer have access to the document. The value can be either a group of account IDs or All. This parameter has a higher priority than AccountIdsToAdd. If you specify an account ID to add and the same ID to remove, the system removes access to the document.

Type: Array of strings

Array Members: Maximum number of 20 items.

Pattern: (?i)all|[0-9]{12}

Required: No

Name

The name of the document that you want to share.

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Required: Yes

PermissionType

The permission type for the document. The permission type can be Share.

Type: String

Valid Values: Share

Required: Yes

SharedDocumentVersion

(Optional) The version of the document to share. If it isn't specified, the system chooses the Default version to share.

Type: String

Length Constraints: Maximum length of 8.

Pattern: ([$]LATEST|[$]DEFAULT|[$]ALL)

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

DocumentLimitExceeded

You can have at most 500 active SSM documents.

HTTP Status Code: 400

DocumentPermissionLimit

The document can't be shared with more Amazon Web Services user accounts. You can share a document with a maximum of 20 accounts. You can publicly share up to five documents. If you need to increase this limit, contact Amazon Support.

HTTP Status Code: 400

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidDocument

The specified SSM document doesn't exist.

HTTP Status Code: 400

InvalidPermissionType

The permission type isn't supported. Share is the only supported permission type.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of ModifyDocumentPermission.

Sample Request

POST / HTTP/1.1
Host: ssm.us-east-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonSSM.ModifyDocumentPermission
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12
X-Amz-Date: 20200325T152441Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200325/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE
Content-Length: 78

{
    "Name": "Example",
    "PermissionType": "Share",
    "AccountIdsToAdd": [
        "444455556666"
    ]
}

Sample Response

{}
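
The constraints listed under Request Parameters can be checked before a request is sent, which also turns public sharing (All) into an explicit decision instead of a side effect of a list value. The following Python check is an added example, not part of the Amazon documentation or any SDK; review_share_request and allow_public are hypothetical names, and comparing All case-insensitively when applying the removal priority is an assumption based on the documented pattern.

```python
import re

# Patterns and limits copied from the Request Parameters section of this page.
ACCOUNT_RE = re.compile(r"(?i)all|[0-9]{12}")
NAME_RE = re.compile(r"^[a-zA-Z0-9_\-.]{3,128}$")
VERSION_RE = re.compile(r"([$]LATEST|[$]DEFAULT|[$]ALL)")
MAX_ACCOUNTS = 20


def review_share_request(req, allow_public=False):
    """Return (effective_adds, findings); both names are hypothetical."""
    findings = []
    if not NAME_RE.fullmatch(req.get("Name", "")):
        findings.append("Name does not match the documented pattern")
    if req.get("PermissionType") != "Share":
        findings.append("PermissionType must be Share")
    version = req.get("SharedDocumentVersion")
    if version is not None and (len(version) > 8 or not VERSION_RE.fullmatch(version)):
        findings.append("SharedDocumentVersion is not $LATEST, $DEFAULT or $ALL")

    adds = req.get("AccountIdsToAdd", [])
    removes = req.get("AccountIdsToRemove", [])
    for field, ids in (("AccountIdsToAdd", adds), ("AccountIdsToRemove", removes)):
        if len(ids) > MAX_ACCOUNTS:
            findings.append(f"{field} has more than {MAX_ACCOUNTS} items")
        for acct in ids:
            if not ACCOUNT_RE.fullmatch(acct):
                findings.append(f"{field}: {acct!r} is not a 12-digit ID or All")

    # AccountIdsToRemove has priority: an ID in both lists ends up without access.
    # Assumption: "All" is compared case-insensitively, as its pattern suggests.
    removed = {a.lower() for a in removes}
    effective = [a for a in adds if a.lower() not in removed]
    for acct in adds:
        if acct.lower() in removed:
            findings.append(f"{acct} is in both lists; removal wins")

    # "All" in the effective add list shares the document publicly.
    if any(a.lower() == "all" for a in effective) and not allow_public:
        findings.append("request would share the document publicly")
    return effective, findings


if __name__ == "__main__":
    # Constructed sample: the page's sample request plus a public share.
    sample = {"Name": "Example", "PermissionType": "Share",
              "AccountIdsToAdd": ["444455556666", "All"]}
    print(review_share_request(sample))
```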
