:doc:`EFS <../../efs>` / Client / put_file_system_policy

**********************
put_file_system_policy
**********************



.. py:method:: EFS.Client.put_file_system_policy(**kwargs)

  

  Applies an Amazon EFS ``FileSystemPolicy`` to an Amazon EFS file system. A file system policy is an IAM resource-based policy and can contain multiple policy statements. A file system always has exactly one file system policy, which can be the default policy or an explicit policy set or updated using this API operation. EFS file system policies have a 20,000 character limit. When an explicit policy is set, it overrides the default policy. For more information about the default file system policy, see `Default EFS file system policy <https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html#default-filesystempolicy>`__.

   

  .. note::

    

    EFS file system policies have a 20,000 character limit.

    

   

  This operation requires permissions for the ``elasticfilesystem:PutFileSystemPolicy`` action.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/elasticfilesystem-2015-02-01/PutFileSystemPolicy>`_  


  **Request Syntax**
  ::

    response = client.put_file_system_policy(
        FileSystemId='string',
        Policy='string',
        BypassPolicyLockoutSafetyCheck=True|False
    )
    
  :type FileSystemId: string
  :param FileSystemId: **[REQUIRED]** 

    The ID of the EFS file system that you want to create or update the ``FileSystemPolicy`` for.

    

  
  :type Policy: string
  :param Policy: **[REQUIRED]** 

    The ``FileSystemPolicy`` that you're creating. Accepts a JSON formatted policy definition. EFS file system policies have a 20,000 character limit. To find out more about the elements that make up a file system policy, see `Resource-based policies within Amazon EFS <https://docs.aws.amazon.com/efs/latest/ug/security_iam_service-with-iam.html#security_iam_service-with-iam-resource-based-policies>`__.

    

  
  :type BypassPolicyLockoutSafetyCheck: boolean
  :param BypassPolicyLockoutSafetyCheck: 

    (Optional) A boolean that specifies whether or not to bypass the ``FileSystemPolicy`` lockout safety check. The lockout safety check determines whether the policy in the request will lock out, or prevent, the IAM principal that is making the request from making future ``PutFileSystemPolicy`` requests on this file system. Set ``BypassPolicyLockoutSafetyCheck`` to ``True`` only when you intend to prevent the IAM principal that is making the request from making subsequent ``PutFileSystemPolicy`` requests on this file system. The default value is ``False``.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'FileSystemId': 'string',
          'Policy': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **FileSystemId** *(string) --* 

        Specifies the EFS file system to which the ``FileSystemPolicy`` applies.

        
      

      - **Policy** *(string) --* 

        The JSON formatted ``FileSystemPolicy`` for the EFS file system.

        
  
  **Exceptions**
  
  *   :py:class:`EFS.Client.exceptions.BadRequest`

  
  *   :py:class:`EFS.Client.exceptions.InternalServerError`

  
  *   :py:class:`EFS.Client.exceptions.FileSystemNotFound`

  
  *   :py:class:`EFS.Client.exceptions.InvalidPolicyException`

  
  *   :py:class:`EFS.Client.exceptions.IncorrectFileSystemLifeCycleState`

  