CreateAccessPolicy - Amazon OpenSearch Serverless

CreateAccessPolicy

Creates a data access policy for OpenSearch Serverless. Access policies limit access to collections and the resources within them, and allow a user to access that data irrespective of the access mechanism or network source. For more information, see Data access control for Amazon OpenSearch Serverless.

Request Syntax

{ "clientToken": "string", "description": "string", "name": "string", "policy": "string", "type": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

clientToken

Unique, case-sensitive identifier to ensure idempotency of the request.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Required: No

description

A description of the policy. Typically used to store information about the permissions defined in the policy.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 1000.

Required: No

name

The name of the policy.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 32.

Pattern: ^[a-z][a-z0-9-]+$

Required: Yes

policy

The JSON policy document to use as the content for the policy.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20480.

Pattern: [\u0009\u000A\u000D\u0020-\u007E\u00A1-\u00FF]+

Required: Yes

type

The type of policy.

Type: String

Valid Values: data

Required: Yes

Response Syntax

{ "accessPolicyDetail": { "createdDate": number, "description": "string", "lastModifiedDate": number, "name": "string", "policy": JSON value, "policyVersion": "string", "type": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

accessPolicyDetail

Details about the created access policy.

Type: AccessPolicyDetail object

Errors

For information about the errors that are common to all actions, see Common Errors.

ConflictException

When creating a resource, thrown when a resource with the same name already exists or is being created. When deleting a resource, thrown when the resource is not in the ACTIVE or FAILED state.

HTTP Status Code: 400

InternalServerException

Thrown when an error internal to the service occurs while processing a request.

HTTP Status Code: 500

ServiceQuotaExceededException

Thrown when you attempt to create more resources than the service allows based on service quotas.

HTTP Status Code: 400

ValidationException

Thrown when the HTTP request contains invalid input or is missing required input.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: