CreateSupportPermit
Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.
Request Syntax
POST /support-permits HTTP/1.1
Content-type: application/json
{
   "clientToken": "string",
   "description": "string",
   "name": "string",
   "permit": {
      "actions": { ... },
      "conditions": [
         { ... }
      ],
      "resources": { ... }
   },
   "signingKeyInfo": { ... },
   "supportCaseDisplayId": "string",
   "tags": {
      "string" : "string"
   }
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- clientToken
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [!-~]+
Required: No
- description
A human-readable description of why this permit is being created. Maximum length of 1024 characters.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- name
A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [a-zA-Z0-9]{1,256}
Required: Yes
- permit
The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.
Type: Permit object
Required: Yes
- signingKeyInfo
The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.
Type: SigningKeyInfo object
Note: This object is a Union. Only one member of this object can be specified or returned.
Required: Yes
- supportCaseDisplayId
The display identifier of the AWS Support case associated with this permit.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 512.
Pattern: [a-zA-Z0-9:/-]{1,512}
Required: No
- tags
The tags to associate with the support permit on creation.
Type: String to string map
Map Entries: Minimum number of 0 items. Maximum number of 50 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 0. Maximum length of 256.
Required: No
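The constraints above can be checked client-side before the request is sent. The following Python is an added example, not AWS code: it validates a request body against the lengths, patterns and required flags listed above, and checks the KeyMetadata dict returned by KMS DescribeKey for the required key usage and key spec. The function names, the sample body and the "exampleMember" union member are constructed for illustration.

```python
import re

# Transcribed from the Request Body section:
# field -> (required, min length, max length, pattern or None)
STRING_RULES = {
    "clientToken": (False, 1, 128, r"[!-~]+"),
    "description": (False, 1, 1024, None),
    "name": (True, 1, 256, r"[a-zA-Z0-9]{1,256}"),
    "supportCaseDisplayId": (False, 1, 512, r"[a-zA-Z0-9:/-]{1,512}"),
}

def validate_request(body):
    """Return (field, reason) pairs; an empty list means the body passes."""
    errors = []
    for field, (required, lo, hi, pattern) in STRING_RULES.items():
        value = body.get(field)
        if value is None:
            if required:
                errors.append((field, "required"))
        elif not isinstance(value, str) or not lo <= len(value) <= hi:
            errors.append((field, f"length must be {lo}-{hi}"))
        # fullmatch, not match with '$': '$' would accept a trailing newline.
        elif pattern and not re.fullmatch(pattern, value):
            errors.append((field, f"must match {pattern}"))
    if not isinstance(body.get("permit"), dict):
        errors.append(("permit", "required"))
    # SigningKeyInfo is a union: exactly one member may be specified.
    key_info = body.get("signingKeyInfo")
    if not isinstance(key_info, dict) or len(key_info) != 1:
        errors.append(("signingKeyInfo", "required, exactly one member"))
    tags = body.get("tags") or {}
    if len(tags) > 50:
        errors.append(("tags", "at most 50 entries"))
    if any(not 1 <= len(k) <= 128 or len(v) > 256 for k, v in tags.items()):
        errors.append(("tags", "key length 1-128, value length 0-256"))
    return errors

def signing_key_problems(key_metadata):
    """Check the KeyMetadata dict from KMS DescribeKey against the key rules."""
    wanted = {"KeyUsage": "SIGN_VERIFY", "KeySpec": "ECC_NIST_P384"}
    return [f"{k} must be {v}, got {key_metadata.get(k)!r}"
            for k, v in wanted.items() if key_metadata.get(k) != v]

# Constructed sample; "exampleMember" is a placeholder, not a documented member.
SAMPLE = {"name": "OpsPermit01\n", "clientToken": "retry 1",
          "permit": {}, "signingKeyInfo": {"exampleMember": {}}}
```

Running validate_request(SAMPLE) flags clientToken (contains a space) and name (trailing newline), the two inputs a looser regex check would let through.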
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
   "arn": "string",
   "createdAt": number,
   "description": "string",
   "name": "string",
   "permit": {
      "actions": { ... },
      "conditions": [
         { ... }
      ],
      "resources": { ... }
   },
   "signingKeyInfo": { ... },
   "status": "string",
   "supportCaseDisplayId": "string",
   "tags": {
      "string" : "string"
   }
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- arn
The Amazon Resource Name (ARN) of the support permit.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 512.
Pattern: arn:[a-z0-9-]+:[a-z0-9-]+:[a-z0-9-]*:[0-9]{12}:.+
- createdAt
The timestamp when the permit was created.
Type: Timestamp
- description
The description of the support permit.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
- name
The name of the support permit.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 256.
Pattern: [a-zA-Z0-9]{1,256}
- permit
The permit definition.
Type: Permit object
- signingKeyInfo
The signing key information for the permit.
Type: SigningKeyInfo object
Note: This object is a Union. Only one member of this object can be specified or returned.
- status
The current status of the support permit.
Type: String
Valid Values: ACTIVE | INACTIVE | DELETING
- supportCaseDisplayId
The display identifier of the support case associated with the permit.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 512.
Pattern: [a-zA-Z0-9:/-]{1,512}
- tags
The tags associated with the support permit.
Type: String to string map
Map Entries: Minimum number of 0 items. Maximum number of 50 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 0. Maximum length of 256.
Errors
For information about the errors that are common to all actions, see Common Error Types.
- AccessDeniedException
You don't have sufficient permissions to perform this operation.
HTTP Status Code: 403
- ConflictException
The request conflicts with the current state of the resource.
  - resourceId
    The identifier of the resource that caused the conflict.
  - resourceType
    The type of the resource that caused the conflict.
HTTP Status Code: 409
- InternalServerException
An internal service error occurred. Try again later.
  - retryAfterSeconds
    The number of seconds to wait before retrying the request.
HTTP Status Code: 500
- ServiceQuotaExceededException
The request exceeds a service quota for your account.
  - quotaCode
    The quota code of the exceeded quota.
  - resourceId
    The identifier of the resource that exceeded the quota.
  - resourceType
    The type of the resource that exceeded the quota.
  - serviceCode
    The service code of the originating service.
HTTP Status Code: 402
- ThrottlingException
The request rate exceeded the allowed limit. Try again later.
  - retryAfterSeconds
    The number of seconds to wait before retrying the request.
HTTP Status Code: 429
- ValidationException
The input fails to satisfy the constraints specified by the service.
  - fieldList
    A list of fields that fail validation. Each entry identifies the field and the reason for the constraint violation.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: