associateResourceShare method

Future<AssociateResourceShareResponse> associateResourceShare({ required String resourceShareArn, String? clientToken, List<String>? principals, List<String>? resourceArns, List<String>? sources, })

Adds the specified list of principals, resources, and source constraints to a resource share. Principals that already have access to this resource share immediately receive access to the added resources. Newly added principals immediately receive access to the resources shared in this resource share.

May throw IdempotentParameterMismatchException. May throw InvalidClientTokenException. May throw InvalidParameterException. May throw InvalidStateTransitionException. May throw MalformedArnException. May throw OperationNotPermittedException. May throw ResourceShareLimitExceededException. May throw ServerInternalException. May throw ServiceUnavailableException. May throw ThrottlingException. May throw UnknownResourceException.

Parameter resourceShareArn : Specifies the Amazon Resource Name (ARN) of the resource share that you want to add principals or resources to.

Parameter clientToken : Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a UUID type of value..

If you don't provide this value, then Amazon Web Services generates a random one for you.

If you retry the operation with the same ClientToken, but with different parameters, the retry fails with an IdempotentParameterMismatch error.

Parameter principals : Specifies a list of principals to whom you want to the resource share. This can be null if you want to add only resources.

What the principals can do with the resources in the share is determined by the RAM permissions that you associate with the resource share. See AssociateResourceSharePermission.

You can include the following values:

• An Amazon Web Services account ID, for example: 123456789012
• An Amazon Resource Name (ARN) of an organization in Organizations, for example: organizations::123456789012:organization/o-exampleorgid
• An ARN of an organizational unit (OU) in Organizations, for example: organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123
• An ARN of an IAM role, for example: iam::123456789012:role/rolename
• An ARN of an IAM user, for example: iam::123456789012user/username
• A service principal name, for example: service-id.amazonaws.com

Parameter resourceArns : Specifies a list of Amazon Resource Names (ARNs) of the resources that you want to share. This can be null if you want to add only principals.

Parameter sources : Specifies source constraints (accounts, ARNs, organization IDs, or organization paths) that limit when service principals can access resources in this resource share. When a service principal attempts to access a shared resource, validation is performed to ensure the request originates from one of the specified sources. This helps prevent confused deputy attacks by applying constraints on where service principals can access resources from.

Implementation

Future<AssociateResourceShareResponse> associateResourceShare({
  required String resourceShareArn,
  String? clientToken,
  List<String>? principals,
  List<String>? resourceArns,
  List<String>? sources,
}) async {
  final $payload = <String, dynamic>{
    'resourceShareArn': resourceShareArn,
    if (clientToken != null) 'clientToken': clientToken,
    if (principals != null) 'principals': principals,
    if (resourceArns != null) 'resourceArns': resourceArns,
    if (sources != null) 'sources': sources,
  };
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/associateresourceshare',
    exceptionFnMap: _exceptionFns,
  );
  return AssociateResourceShareResponse.fromJson(response);
}