:doc:`PrometheusService <../../amp>` / Client / put_resource_policy

*******************
put_resource_policy
*******************



.. py:method:: PrometheusService.Client.put_resource_policy(**kwargs)

  

  Creates or updates a resource-based policy for an Amazon Managed Service for Prometheus workspace. Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace.

   

  Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see `Prometheus-compatible APIs <https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-Prometheus-Compatible-Apis.html>`__ in the *Amazon Managed Service for Prometheus User Guide*.

   

  If your workspace uses customer-managed KMS keys for encryption, you must grant the principals in your resource-based policy access to those KMS keys. You can do this by creating KMS grants. For more information, see `CreateGrant <https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html>`__ in the *AWS Key Management Service API Reference* and `Encryption at rest <https://docs.aws.amazon.com/prometheus/latest/userguide/encryption-at-rest-Amazon-Service-Prometheus.html>`__ in the *Amazon Managed Service for Prometheus User Guide*.

   

  For more information about working with IAM, see `Using Amazon Managed Service for Prometheus with IAM <https://docs.aws.amazon.com/prometheus/latest/userguide/security_iam_service-with-iam.html>`__ in the *Amazon Managed Service for Prometheus User Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/amp-2020-08-01/PutResourcePolicy>`_  


  **Request Syntax**
  ::

    response = client.put_resource_policy(
        workspaceId='string',
        policyDocument='string',
        clientToken='string',
        revisionId='string'
    )
    
  :type workspaceId: string
  :param workspaceId: **[REQUIRED]** 

    The ID of the workspace to attach the resource-based policy to.

    

  
  :type policyDocument: string
  :param policyDocument: **[REQUIRED]** 

    The JSON policy document to use as the resource-based policy. This policy defines the permissions that other AWS accounts or services have to access your workspace.

    

  
  :type clientToken: string
  :param clientToken: 

    A unique, case-sensitive identifier that you provide to ensure the request is safe to retry (idempotent).

    This field is autopopulated if not provided.

  
  :type revisionId: string
  :param revisionId: 

    The revision ID of the policy to update. Use this parameter to ensure that you are updating the correct version of the policy. If you don't specify a revision ID, the policy is updated regardless of its current revision.

     

    For the first **PUT** request on a workspace that doesn't have an existing resource policy, you can specify ``NO_POLICY`` as the revision ID.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'policyStatus': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING',
          'revisionId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **policyStatus** *(string) --* 

        The current status of the resource-based policy.

        
      

      - **revisionId** *(string) --* 

        The revision ID of the newly created or updated resource-based policy.

        
  
  **Exceptions**
  
  *   :py:class:`PrometheusService.Client.exceptions.ThrottlingException`

  
  *   :py:class:`PrometheusService.Client.exceptions.ConflictException`

  
  *   :py:class:`PrometheusService.Client.exceptions.ValidationException`

  
  *   :py:class:`PrometheusService.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`PrometheusService.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`PrometheusService.Client.exceptions.InternalServerException`

  