QBusiness / Client / associate_permission

associate_permission

QBusiness.Client.associate_permission(**kwargs)

Adds or updates a permission policy for a Amazon Q Business application, allowing cross-account access for an ISV. This operation creates a new policy statement for the specified Amazon Q Business application. The policy statement defines the IAM actions that the ISV is allowed to perform on the Amazon Q Business application’s resources.

See also: AWS API Documentation

Request Syntax

response = client.associate_permission(
    applicationId='string',
    statementId='string',
    actions=[
        'string',
    ],
    conditions=[
        {
            'conditionOperator': 'StringEquals',
            'conditionKey': 'string',
            'conditionValues': [
                'string',
            ]
        },
    ],
    principal='string'
)
Parameters:
  • applicationId (string) –

    [REQUIRED]

    The unique identifier of the Amazon Q Business application.

  • statementId (string) –

    [REQUIRED]

    A unique identifier for the policy statement.

  • actions (list) –

    [REQUIRED]

    The list of Amazon Q Business actions that the ISV is allowed to perform.

    • (string) –

  • conditions (list) –

    The conditions that restrict when the permission is effective. These conditions can be used to limit the permission based on specific attributes of the request.

    • (dict) –

      Defines a condition that restricts when a permission is effective. Conditions allow you to control access based on specific attributes of the request.

      • conditionOperator (string) – [REQUIRED]

        The operator to use for the condition evaluation. This determines how the condition values are compared.

      • conditionKey (string) – [REQUIRED]

        The key for the condition. This identifies the attribute that the condition applies to.

      • conditionValues (list) – [REQUIRED]

        The values to compare against using the specified condition operator.

        • (string) –

  • principal (string) –

    [REQUIRED]

    The Amazon Resource Name of the IAM role for the ISV that is being granted permission.

Return type:

dict

Returns:

Response Syntax

{
    'statement': 'string'
}

Response Structure

  • (dict) –

    • statement (string) –

      The JSON representation of the added permission statement.

Exceptions