Copyright | (c) 2013-2021 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Running PutPermission
permits the specified Amazon Web Services
account or Amazon Web Services organization to put events to the
specified event bus. Amazon EventBridge (CloudWatch Events) rules in
your account are triggered by these events arriving to an event bus in
your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple Amazon Web Services accounts to put events to your
event bus, run PutPermission
once for each of these accounts. Or, if
all the accounts are members of the same Amazon Web Services
organization, you can run PutPermission
once specifying Principal
as
"*" and specifying the Amazon Web Services organization ID in
Condition
, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that
organization must specify a RoleArn
with proper permissions when they
use PutTarget
to add your account's event bus as a target. For more
information, see
Sending and Receiving Events Between Amazon Web Services Accounts
in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
Synopsis
- data PutPermission = PutPermission' {}
- newPutPermission :: PutPermission
- putPermission_action :: Lens' PutPermission (Maybe Text)
- putPermission_eventBusName :: Lens' PutPermission (Maybe Text)
- putPermission_principal :: Lens' PutPermission (Maybe Text)
- putPermission_policy :: Lens' PutPermission (Maybe Text)
- putPermission_statementId :: Lens' PutPermission (Maybe Text)
- putPermission_condition :: Lens' PutPermission (Maybe Condition)
- data PutPermissionResponse = PutPermissionResponse' {
- newPutPermissionResponse :: PutPermissionResponse
Creating a Request
data PutPermission Source #
See: newPutPermission
smart constructor.
PutPermission' | |
|
Instances
newPutPermission :: PutPermission Source #
Create a value of PutPermission
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:PutPermission'
, putPermission_action
- The action that you are enabling the other account to perform.
$sel:eventBusName:PutPermission'
, putPermission_eventBusName
- The name of the event bus associated with the rule. If you omit this,
the default event bus is used.
$sel:principal:PutPermission'
, putPermission_principal
- The 12-digit Amazon Web Services account ID that you are permitting to
put events to your default event bus. Specify "*" to permit any
account to put events to your default event bus.
If you specify "*" without specifying Condition
, avoid creating
rules that may match undesirable events. To create more secure rules,
make sure that the event pattern for each rule contains an account
field with a specific account ID from which to receive events. Rules
with an account field do not match any events sent from other accounts.
$sel:policy:PutPermission'
, putPermission_policy
- A JSON string that describes the permission policy statement. You can
include a Policy
parameter in the request instead of using the
StatementId
, Action
, Principal
, or Condition
parameters.
$sel:statementId:PutPermission'
, putPermission_statementId
- An identifier string for the external account that you are granting
permissions to. If you later want to revoke the permission for this
external account, specify this StatementId
when you run
RemovePermission.
$sel:condition:PutPermission'
, putPermission_condition
- This parameter enables you to limit the permission to accounts that
fulfill a certain condition, such as being a member of a certain Amazon
Web Services organization. For more information about Amazon Web
Services Organizations, see
What Is Amazon Web Services Organizations
in the Amazon Web Services Organizations User Guide.
If you specify Condition
with an Amazon Web Services organization ID,
and specify "*" as the value for Principal
, you grant permission to
all the accounts in the named organization.
The Condition
is a JSON string which must contain Type
, Key
, and
Value
fields.
Request Lenses
putPermission_action :: Lens' PutPermission (Maybe Text) Source #
The action that you are enabling the other account to perform.
putPermission_eventBusName :: Lens' PutPermission (Maybe Text) Source #
The name of the event bus associated with the rule. If you omit this, the default event bus is used.
putPermission_principal :: Lens' PutPermission (Maybe Text) Source #
The 12-digit Amazon Web Services account ID that you are permitting to put events to your default event bus. Specify "*" to permit any account to put events to your default event bus.
If you specify "*" without specifying Condition
, avoid creating
rules that may match undesirable events. To create more secure rules,
make sure that the event pattern for each rule contains an account
field with a specific account ID from which to receive events. Rules
with an account field do not match any events sent from other accounts.
putPermission_policy :: Lens' PutPermission (Maybe Text) Source #
A JSON string that describes the permission policy statement. You can
include a Policy
parameter in the request instead of using the
StatementId
, Action
, Principal
, or Condition
parameters.
putPermission_statementId :: Lens' PutPermission (Maybe Text) Source #
An identifier string for the external account that you are granting
permissions to. If you later want to revoke the permission for this
external account, specify this StatementId
when you run
RemovePermission.
putPermission_condition :: Lens' PutPermission (Maybe Condition) Source #
This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain Amazon Web Services organization. For more information about Amazon Web Services Organizations, see What Is Amazon Web Services Organizations in the Amazon Web Services Organizations User Guide.
If you specify Condition
with an Amazon Web Services organization ID,
and specify "*" as the value for Principal
, you grant permission to
all the accounts in the named organization.
The Condition
is a JSON string which must contain Type
, Key
, and
Value
fields.
Destructuring the Response
data PutPermissionResponse Source #
See: newPutPermissionResponse
smart constructor.
Instances
Eq PutPermissionResponse Source # | |
Defined in Amazonka.CloudWatchEvents.PutPermission (==) :: PutPermissionResponse -> PutPermissionResponse -> Bool # (/=) :: PutPermissionResponse -> PutPermissionResponse -> Bool # | |
Read PutPermissionResponse Source # | |
Show PutPermissionResponse Source # | |
Defined in Amazonka.CloudWatchEvents.PutPermission showsPrec :: Int -> PutPermissionResponse -> ShowS # show :: PutPermissionResponse -> String # showList :: [PutPermissionResponse] -> ShowS # | |
Generic PutPermissionResponse Source # | |
Defined in Amazonka.CloudWatchEvents.PutPermission type Rep PutPermissionResponse :: Type -> Type # | |
NFData PutPermissionResponse Source # | |
Defined in Amazonka.CloudWatchEvents.PutPermission rnf :: PutPermissionResponse -> () # | |
type Rep PutPermissionResponse Source # | |
Defined in Amazonka.CloudWatchEvents.PutPermission |
newPutPermissionResponse :: PutPermissionResponse Source #
Create a value of PutPermissionResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.