:doc:`Glacier <../../glacier>` / Client / set_vault_access_policy

***********************
set_vault_access_policy
***********************



.. py:method:: Glacier.Client.set_vault_access_policy(**kwargs)

  

  This operation configures an access policy for a vault and will overwrite an existing policy. To configure a vault access policy, send a PUT request to the ``access-policy`` subresource of the vault. An access policy is specific to a vault and is also called a vault subresource. You can set one access policy per vault and the policy can be up to 20 KB in size. For more information about vault access policies, see `Amazon Glacier Access Control with Vault Access Policies <https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/glacier-2012-06-01/SetVaultAccessPolicy>`_  


  **Request Syntax**
  ::

    response = client.set_vault_access_policy(
        vaultName='string',
        policy={
            'Policy': 'string'
        }
    )
    
  :type accountId: string
  :param accountId: 

    The ``AccountId`` value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ' ``-``' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

        Note: this parameter is set to "-" bydefault if no value is not specified.


  
  :type vaultName: string
  :param vaultName: **[REQUIRED]** 

    The name of the vault.

    

  
  :type policy: dict
  :param policy: 

    The vault access policy as a JSON string.

    

  
    - **Policy** *(string) --* 

      The vault access policy.

      

    
  
  
  :returns: None
  **Exceptions**
  
  *   :py:class:`Glacier.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`Glacier.Client.exceptions.InvalidParameterValueException`

  
  *   :py:class:`Glacier.Client.exceptions.MissingParameterValueException`

  
  *   :py:class:`Glacier.Client.exceptions.ServiceUnavailableException`

  
  *   :py:class:`Glacier.Client.exceptions.NoLongerSupportedException`

  

  **Examples**

  The example configures an access policy for the vault named examplevault.
  ::

    response = client.set_vault_access_policy(
        accountId='-',
        policy={
            'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
        },
        vaultName='examplevault',
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'ResponseMetadata': {
            '...': '...',
        },
    }

  