create_support_permit
- SupportAuthZ.Client.create_support_permit(**kwargs)
Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.
See also: AWS API Documentation
Request Syntax
response = client.create_support_permit(
    permit={
        'actions': {
            'allActions': {},
            'actions': [
                'string',
            ]
        },
        'resources': {
            'allResourcesInRegion': {},
            'resources': [
                'string',
            ]
        },
        'conditions': [
            {
                'allowAfter': datetime(2015, 1, 1),
                'allowBefore': datetime(2015, 1, 1)
            },
        ]
    },
    name='string',
    description='string',
    signingKeyInfo={
        'kmsKey': 'string'
    },
    supportCaseDisplayId='string',
    clientToken='string',
    tags={
        'string': 'string'
    }
)
- Parameters:
permit (dict) –
[REQUIRED]
The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.
actions (dict) – [REQUIRED]
The set of actions that the support operator is authorized to perform.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
allActions, actions.
allActions (dict) –
Authorizes all available support actions.
actions (list) –
A list of specific support actions to authorize. Maximum of 10 actions.
(string) –
resources (dict) – [REQUIRED]
The set of resources that the support operator is authorized to act upon.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
allResourcesInRegion, resources.
allResourcesInRegion (dict) –
Authorizes the support operator to act on all resources in the Region.
resources (list) –
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) –
conditions (list) –
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) –
A time-window condition that constrains when a support permit is valid.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
allowAfter, allowBefore.
allowAfter (datetime) –
The earliest time at which the permit becomes valid.
allowBefore (datetime) –
The latest time at which the permit remains valid.
name (string) –
[REQUIRED]
A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.
description (string) – A human-readable description of why this permit is being created. Maximum length of 1024 characters.
signingKeyInfo (dict) –
[REQUIRED]
The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
kmsKey.
kmsKey (string) –
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
supportCaseDisplayId (string) – The display identifier of the AWS Support case associated with this permit.
clientToken (string) –
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.
This field is autopopulated if not provided.
tags (dict) –
The tags to associate with the support permit on creation.
(string) –
(string) –
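As an added example (not part of the AWS SDK or its documentation), a client-side pre-flight check for the keyword arguments described above: it enforces the tagged-union rule and the documented maxima, checks the signing key's spec and usage, and reports over-broad grants for review before the permit is signed. The helper names `one_of` and `check_permit_request`, the ASCII reading of "alphanumeric", the empty-window check and all sample values are assumptions; `key_metadata` is the `KeyMetadata` dict returned by `kms.describe_key()`.

```python
import re
from datetime import datetime, timedelta, timezone
def one_of(d, keys, where):
    """Tagged union: exactly one of the allowed top-level keys may be set."""
    if len(d) != 1 or next(iter(d)) not in keys:
        raise ValueError(f"{where}: set exactly one of {keys}, got {sorted(d)}")
    return next(iter(d))

def check_permit_request(req, key_metadata):
    """Raise on a documented-limit violation; otherwise return review findings."""
    if not re.fullmatch(r"[A-Za-z0-9]{1,256}", req["name"]):  # ASCII assumed
        raise ValueError("name: 1 to 256 alphanumeric characters")
    if len(req.get("description", "")) > 1024:
        raise ValueError("description: at most 1024 characters")
    one_of(req["signingKeyInfo"], ("kmsKey",), "signingKeyInfo")
    # key_metadata: the KeyMetadata dict from kms.describe_key() for that key
    if (key_metadata["KeySpec"], key_metadata["KeyUsage"]) != ("ECC_NIST_P384", "SIGN_VERIFY"):
        raise ValueError("signing key must be ECC_NIST_P384 with SIGN_VERIFY")
    permit = req["permit"]
    act = one_of(permit["actions"], ("allActions", "actions"), "actions")
    res = one_of(permit["resources"], ("allResourcesInRegion", "resources"), "resources")
    if act == "actions" and len(permit["actions"]["actions"]) > 10:
        raise ValueError("actions: at most 10 entries")
    if res == "resources" and len(permit["resources"]["resources"]) > 5:
        raise ValueError("resources: at most 5 entries")
    conds = permit.get("conditions", [])
    if len(conds) > 2:
        raise ValueError("conditions: at most 2 entries")
    bounds = {"allowAfter": [], "allowBefore": []}
    for c in conds:
        bounds[one_of(c, ("allowAfter", "allowBefore"), "condition")].append(next(iter(c.values())))
    after, before = bounds["allowAfter"], bounds["allowBefore"]
    if after and before and max(after) >= min(before):
        raise ValueError("conditions: window is empty")  # added check, not a documented rule
    findings = [] if before else ["no allowBefore condition: validity window has no end"]
    if act == "allActions" and res == "allResourcesInRegion":
        findings.append("allActions on allResourcesInRegion: broadest possible scope")
    return findings

# Constructed sample input: the action, resource id and key ARN are placeholders.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
KEY = {"KeySpec": "ECC_NIST_P384", "KeyUsage": "SIGN_VERIFY"}
REQUEST = {
    "name": "Case0001Permit",
    "signingKeyInfo": {"kmsKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
    "permit": {"actions": {"actions": ["placeholder-action"]},
               "resources": {"resources": ["placeholder-resource-id"]},
               "conditions": [{"allowAfter": NOW}, {"allowBefore": NOW + timedelta(hours=8)}]},
}
```

An empty findings list means the request is within the documented limits and is scoped to named actions, named resources and a closed time window.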
- Return type:
dict
- Returns:
Response Syntax
{
    'name': 'string',
    'arn': 'string',
    'description': 'string',
    'permit': {
        'actions': {
            'allActions': {},
            'actions': [
                'string',
            ]
        },
        'resources': {
            'allResourcesInRegion': {},
            'resources': [
                'string',
            ]
        },
        'conditions': [
            {
                'allowAfter': datetime(2015, 1, 1),
                'allowBefore': datetime(2015, 1, 1)
            },
        ]
    },
    'status': 'ACTIVE'|'INACTIVE'|'DELETING',
    'signingKeyInfo': {
        'kmsKey': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'supportCaseDisplayId': 'string',
    'tags': {
        'string': 'string'
    }
}
Response Structure
(dict) –
name (string) –
The name of the support permit.
arn (string) –
The Amazon Resource Name (ARN) of the support permit.
description (string) –
The description of the support permit.
permit (dict) –
The permit definition.
actions (dict) –
The set of actions that the support operator is authorized to perform.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
allActions, actions. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allActions (dict) –
Authorizes all available support actions.
actions (list) –
A list of specific support actions to authorize. Maximum of 10 actions.
(string) –
resources (dict) –
The set of resources that the support operator is authorized to act upon.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
allResourcesInRegion, resources. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allResourcesInRegion (dict) –
Authorizes the support operator to act on all resources in the Region.
resources (list) –
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) –
conditions (list) –
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) –
A time-window condition that constrains when a support permit is valid.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
allowAfter, allowBefore. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
allowAfter (datetime) –
The earliest time at which the permit becomes valid.
allowBefore (datetime) –
The latest time at which the permit remains valid.
status (string) –
The current status of the support permit.
signingKeyInfo (dict) –
The signing key information for the permit.
Note
This is a Tagged Union structure. Only one of the following top level keys will be set:
kmsKey. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
kmsKey (string) –
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) –
The timestamp when the permit was created.
supportCaseDisplayId (string) –
The display identifier of the support case associated with the permit.
tags (dict) –
The tags associated with the support permit.
(string) –
(string) –
Exceptions