:doc:`EKS <../../eks>` / Client / associate_access_policy

***********************
associate_access_policy
***********************



.. py:method:: EKS.Client.associate_access_policy(**kwargs)

  

  Associates an access policy and its scope to an access entry. For more information about associating access policies, see `Associating and disassociating access policies to and from access entries <https://docs.aws.amazon.com/eks/latest/userguide/access-policies.html>`__ in the *Amazon EKS User Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateAccessPolicy>`_  


  **Request Syntax**
  ::

    response = client.associate_access_policy(
        clusterName='string',
        principalArn='string',
        policyArn='string',
        accessScope={
            'type': 'cluster'|'namespace',
            'namespaces': [
                'string',
            ]
        }
    )
    
  :type clusterName: string
  :param clusterName: **[REQUIRED]** 

    The name of your cluster.

    

  
  :type principalArn: string
  :param principalArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the IAM user or role for the ``AccessEntry`` that you're associating the access policy to.

    

  
  :type policyArn: string
  :param policyArn: **[REQUIRED]** 

    The ARN of the ``AccessPolicy`` that you're associating. For a list of ARNs, use ``ListAccessPolicies``.

    

  
  :type accessScope: dict
  :param accessScope: **[REQUIRED]** 

    The scope for the ``AccessPolicy``. You can scope access policies to an entire cluster or to specific Kubernetes namespaces.

    

  
    - **type** *(string) --* 

      The scope type of an access policy.

      

    
    - **namespaces** *(list) --* 

      A Kubernetes ``namespace`` that an access policy is scoped to. A value is required if you specified ``namespace`` for ``Type``.

      

    
      - *(string) --* 

      
  
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'clusterName': 'string',
          'principalArn': 'string',
          'associatedAccessPolicy': {
              'policyArn': 'string',
              'accessScope': {
                  'type': 'cluster'|'namespace',
                  'namespaces': [
                      'string',
                  ]
              },
              'associatedAt': datetime(2015, 1, 1),
              'modifiedAt': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **clusterName** *(string) --* 

        The name of your cluster.

        
      

      - **principalArn** *(string) --* 

        The ARN of the IAM principal for the ``AccessEntry``.

        
      

      - **associatedAccessPolicy** *(dict) --* 

        The ``AccessPolicy`` and scope associated to the ``AccessEntry``.

        
        

        - **policyArn** *(string) --* 

          The ARN of the ``AccessPolicy``.

          
        

        - **accessScope** *(dict) --* 

          The scope of the access policy.

          
          

          - **type** *(string) --* 

            The scope type of an access policy.

            
          

          - **namespaces** *(list) --* 

            A Kubernetes ``namespace`` that an access policy is scoped to. A value is required if you specified ``namespace`` for ``Type``.

            
            

            - *(string) --* 
        
      
        

        - **associatedAt** *(datetime) --* 

          The date and time the ``AccessPolicy`` was associated with an ``AccessEntry``.

          
        

        - **modifiedAt** *(datetime) --* 

          The Unix epoch timestamp for the last modification to the object.

          
    
  
  **Exceptions**
  
  *   :py:class:`EKS.Client.exceptions.ServerException`

  
  *   :py:class:`EKS.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`EKS.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`EKS.Client.exceptions.InvalidParameterException`

  