QBusiness / Client / associate_permission

associate_permission

QBusiness.Client.associate_permission(**kwargs)

Adds or updates a permission policy for a Amazon Q Business application, allowing cross-account access for an ISV. This operation creates a new policy statement for the specified Amazon Q Business application. The policy statement defines the IAM actions that the ISV is allowed to perform on the Amazon Q Business application’s resources.

See also: AWS API Documentation

Request Syntax

response = client.associate_permission(
    applicationId='string',
    statementId='string',
    actions=[
        'string',
    ],
    conditions=[
        {
            'conditionOperator': 'StringEquals',
            'conditionKey': 'string',
            'conditionValues': [
                'string',
            ]
        },
    ],
    principal='string'
)

Parameters:

• applicationId (string) –

  [REQUIRED]

  The unique identifier of the Amazon Q Business application.

• statementId (string) –

  [REQUIRED]

  A unique identifier for the policy statement.

• actions (list) –

  [REQUIRED]

  The list of Amazon Q Business actions that the ISV is allowed to perform.

  • (string) –

• conditions (list) –

  The conditions that restrict when the permission is effective. These conditions can be used to limit the permission based on specific attributes of the request.

  • (dict) –

    Defines a condition that restricts when a permission is effective. Conditions allow you to control access based on specific attributes of the request.

    • conditionOperator (string) – [REQUIRED]

      The operator to use for the condition evaluation. This determines how the condition values are compared.

    • conditionKey (string) – [REQUIRED]

      The key for the condition. This identifies the attribute that the condition applies to.

    • conditionValues (list) – [REQUIRED]

      The values to compare against using the specified condition operator.

      • (string) –

• principal (string) –

  [REQUIRED]

  The Amazon Resource Name of the IAM role for the ISV that is being granted permission.

Return type:

dict

Returns:

Response Syntax

{
    'statement': 'string'
}

Response Structure

• (dict) –

  • statement (string) –

    The JSON representation of the added permission statement.

Exceptions

• QBusiness.Client.exceptions.InternalServerException

• QBusiness.Client.exceptions.ResourceNotFoundException

• QBusiness.Client.exceptions.ConflictException

• QBusiness.Client.exceptions.ThrottlingException

• QBusiness.Client.exceptions.ValidationException

• QBusiness.Client.exceptions.AccessDeniedException

• QBusiness.Client.exceptions.ServiceQuotaExceededException