permissions
Creates, updates, deletes or gets a permission resource or lists permissions in a region
Overview
| Name | permissions |
| Type | Resource |
| Description | Definition of AWS::QBusiness::Permission Resource Type |
| Id | awscc.qbusiness.permissions |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
application_id | string | |
statement_id | string | |
actions | array | |
conditions | array | |
principal | string | |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
application_id | string | |
statement_id | string | |
region | string | AWS region. |
For more information, see AWS::QBusiness::Permission.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | permissions | INSERT | ApplicationId, StatementId, Actions, Principal, region |
delete_resource | permissions | DELETE | Identifier, region |
list_resources | permissions_list_only | SELECT | region |
get_resource | permissions | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual permission.
SELECT
region,
application_id,
statement_id,
actions,
conditions,
principal
FROM awscc.qbusiness.permissions
WHERE
region = 'us-east-1' AND
Identifier = '{{ application_id }}|{{ statement_id }}';
Lists all permissions in a region.
SELECT
region,
application_id,
statement_id
FROM awscc.qbusiness.permissions_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new permission resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.qbusiness.permissions (
ApplicationId,
StatementId,
Actions,
Principal,
region
)
SELECT
'{{ application_id }}',
'{{ statement_id }}',
'{{ actions }}',
'{{ principal }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.qbusiness.permissions (
ApplicationId,
StatementId,
Actions,
Conditions,
Principal,
region
)
SELECT
'{{ application_id }}',
'{{ statement_id }}',
'{{ actions }}',
'{{ conditions }}',
'{{ principal }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: permission
props:
- name: application_id
value: '{{ application_id }}'
- name: statement_id
value: '{{ statement_id }}'
- name: actions
value:
- '{{ actions[0] }}'
- name: conditions
value:
- condition_operator: '{{ condition_operator }}'
condition_key: '{{ condition_key }}'
condition_values:
- '{{ condition_values[0] }}'
- name: principal
value: '{{ principal }}'
DELETE example
/*+ delete */
DELETE FROM awscc.qbusiness.permissions
WHERE
Identifier = '{{ application_id }}|{{ statement_id }}' AND
region = 'us-east-1';
Permissions
To operate on the permissions resource, the following permissions are required:
- Create
- Read
- Delete
- List
qbusiness:AssociatePermission,
qbusiness:PutResourcePolicy
qbusiness:GetPolicy
qbusiness:DisassociatePermission,
qbusiness:PutResourcePolicy
qbusiness:GetPolicy