putResourcePolicy method

Future<PutResourcePolicyOutput> putResourcePolicy({
  1. required String policy,
  2. required String resourceArn,
  3. bool? confirmRemoveSelfResourceAccess,
  4. String? expectedRevisionId,
})

Attaches a resource-based policy document to the resource, which can be a table or stream. When you attach a resource-based policy using this API, the policy application is eventually consistent .

PutResourcePolicy is an idempotent operation; running it multiple times on the same resource using the same policy document will return the same revision ID. If you specify an ExpectedRevisionId that doesn't match the current policy's RevisionId, the PolicyNotFoundException will be returned.

May throw InternalServerError. May throw InvalidEndpointException. May throw LimitExceededException. May throw PolicyNotFoundException. May throw ResourceInUseException. May throw ResourceNotFoundException.

Parameter policy : An Amazon Web Services resource-based policy document in JSON format.

  • The maximum size supported for a resource-based policy document is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
  • Within a resource-based policy, if the action for a DynamoDB service-linked role (SLR) to replicate data for a global table is denied, adding or deleting a replica will fail with an error.
For a full list of all considerations that apply while attaching a resource-based policy, see Resource-based policy considerations.

Parameter resourceArn : The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy will be attached. The resources you can specify include tables and streams.

You can control index permissions using the base table's policy. To specify the same permission level for your table and its indexes, you can provide both the table and index Amazon Resource Name (ARN)s in the Resource field of a given Statement in your policy document. Alternatively, to specify different permissions for your table, indexes, or both, you can define multiple Statement fields in your policy document.

Parameter confirmRemoveSelfResourceAccess : Set this parameter to true to confirm that you want to remove your permissions to change the policy of this resource in the future.

Parameter expectedRevisionId : A string value that you can use to conditionally update your policy. You can provide the revision ID of your existing policy to make mutating requests against that policy. To conditionally attach a policy when no policy exists for the resource, specify NO_POLICY for the revision ID.

Implementation

Future<PutResourcePolicyOutput> putResourcePolicy({
  required String policy,
  required String resourceArn,
  bool? confirmRemoveSelfResourceAccess,
  String? expectedRevisionId,
}) async {
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.0',
    'X-Amz-Target': 'DynamoDB_20120810.PutResourcePolicy'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'Policy': policy,
      'ResourceArn': resourceArn,
      if (confirmRemoveSelfResourceAccess != null)
        'ConfirmRemoveSelfResourceAccess': confirmRemoveSelfResourceAccess,
      if (expectedRevisionId != null)
        'ExpectedRevisionId': expectedRevisionId,
    },
  );

  return PutResourcePolicyOutput.fromJson(jsonResponse.body);
}