Navigation Guide
You are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.

PutPermissionCommand

Running PutPermission permits the specified Amazon Web Services account or Amazon Web Services organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.

For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.

To enable multiple Amazon Web Services accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same Amazon Web Services organization, you can run PutPermission once specifying Principal as "*" and specifying the Amazon Web Services organization ID in Condition, to grant permissions to all accounts in that organization.

If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.

The permission policy on the event bus cannot exceed 10 KB in size.

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { CloudWatchEventsClient, PutPermissionCommand } from "@aws-sdk/client-cloudwatch-events"; // ES Modules import
// const { CloudWatchEventsClient, PutPermissionCommand } = require("@aws-sdk/client-cloudwatch-events"); // CommonJS import
const client = new CloudWatchEventsClient(config);
const input = { // PutPermissionRequest
  EventBusName: "STRING_VALUE",
  Action: "STRING_VALUE",
  Principal: "STRING_VALUE",
  StatementId: "STRING_VALUE",
  Condition: { // Condition
    Type: "STRING_VALUE", // required
    Key: "STRING_VALUE", // required
    Value: "STRING_VALUE", // required
  },
  Policy: "STRING_VALUE",
};
const command = new PutPermissionCommand(input);
const response = await client.send(command);
// {};

PutPermissionCommand Input

See PutPermissionCommandInput for more details

Parameter	Type	Description
`Action`	`string \| undefined`	The action that you are enabling the other account to perform.
`Condition`	`Condition \| undefined`	This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain Amazon Web Services organization. For more information about Amazon Web Services Organizations, see What Is Amazon Web Services Organizations in the Amazon Web Services Organizations User Guide. If you specify `Condition` with an Amazon Web Services organization ID, and specify "*" as the value for `Principal`, you grant permission to all the accounts in the named organization. The `Condition` is a JSON string which must contain `Type`, `Key`, and `Value` fields.
`EventBusName`	`string \| undefined`	The name of the event bus associated with the rule. If you omit this, the default event bus is used.
`Policy`	`string \| undefined`	A JSON string that describes the permission policy statement. You can include a `Policy` parameter in the request instead of using the `StatementId`, `Action`, `Principal`, or `Condition` parameters.
`Principal`	`string \| undefined`	The 12-digit Amazon Web Services account ID that you are permitting to put events to your default event bus. Specify "" to permit any account to put events to your default event bus. If you specify "" without specifying `Condition`, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an `account` field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.
`StatementId`	`string \| undefined`	An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this `StatementId` when you run RemovePermission .

PutPermissionCommand Output

See PutPermissionCommandOutput for details

Parameter	Type	Description
`$metadata` Required	`ResponseMetadata`	Metadata pertaining to this request.

Throws

Name	Fault	Details
ConcurrentModificationException	client	There is concurrent modification on a rule, target, archive, or replay.
InternalException	server	This exception occurs due to unexpected causes.
OperationDisabledException	client	The operation you are attempting is not available in this region.
PolicyLengthExceededException	client	The event bus policy is too long. For more information, see the limits.
ResourceNotFoundException	client	An entity that you specified does not exist.
CloudWatchEventsServiceException		Base exception class for all service exceptions from CloudWatchEvents service.

Getting Started

References

PutPermissionCommand

Example Syntax

PutPermissionCommand Input

PutPermissionCommand Output

Throws