CreateSupportPermit - AWS Support authorization

CreateSupportPermit

Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.

Request Syntax

POST /support-permits HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "description": "string",
   "name": "string",
   "permit": {
      "actions": { ... },
      "conditions": [
         { ... }
      ],
      "resources": { ... }
   },
   "signingKeyInfo": { ... },
   "supportCaseDisplayId": "string",
   "tags": {
      "string" : "string"
   }
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [!-~]+

Required: No

description

A human-readable description of why this permit is being created. Maximum length of 1024 characters.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Required: No

name

A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [a-zA-Z0-9]{1,256}

Required: Yes

permit

The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.

Type: Permit object

Required: Yes

signingKeyInfo

The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.

Type: SigningKeyInfo object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: Yes

supportCaseDisplayId

The display identifier of the AWS Support case associated with this permit.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: [a-zA-Z0-9:/-]{1,512}

Required: No

tags

The tags to associate with the support permit on creation.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Required: No
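
A client-side pre-flight check for the request-body constraints listed above, as an added example that is not part of the AWS documentation or SDKs. The function names are hypothetical, the signingKeyInfo member name in the sample is a placeholder, and the key check assumes a KeyMetadata dict as returned by KMS DescribeKey; the contents of permit are not checked because the Permit object is defined on its own page.

```python
import re

# Constraints transcribed from the request-body reference above.
PATTERNS = {
    "name": (re.compile(r"[a-zA-Z0-9]{1,256}"), "1-256 alphanumeric characters"),
    "clientToken": (re.compile(r"[!-~]{1,128}"), "1-128 printable ASCII characters, no spaces"),
    "supportCaseDisplayId": (re.compile(r"[a-zA-Z0-9:/-]{1,512}"), "1-512 characters from [a-zA-Z0-9:/-]"),
}
REQUIRED = ("name", "permit", "signingKeyInfo")

# Constructed sample; "placeholderMember" is not a documented field name.
SAMPLE = {"name": "case-1234", "permit": {}, "clientToken": "a b",
          "signingKeyInfo": {"placeholderMember": {}}}


def validate_request(body):
    """Return (field, reason) pairs; an empty list means the body passes."""
    problems = [(f, "required field is missing") for f in REQUIRED if f not in body]
    for field, (regex, rule) in PATTERNS.items():
        value = body.get(field)
        # fullmatch, not match: a trailing newline or suffix must not slip through
        if field in body and not (isinstance(value, str) and regex.fullmatch(value)):
            problems.append((field, "must be " + rule))
    desc = body.get("description")
    if "description" in body and not (isinstance(desc, str) and 1 <= len(desc) <= 1024):
        problems.append(("description", "must be 1-1024 characters"))
    key_info = body.get("signingKeyInfo")
    if "signingKeyInfo" in body and not (isinstance(key_info, dict) and len(key_info) == 1):
        problems.append(("signingKeyInfo", "union: specify exactly one member"))
    tags = body.get("tags", {})
    if not isinstance(tags, dict) or len(tags) > 50:
        problems.append(("tags", "must be a map with at most 50 entries"))
    else:
        for key, value in tags.items():
            if not (isinstance(key, str) and 1 <= len(key) <= 128):
                problems.append(("tags", "key length must be 1-128"))
            if not (isinstance(value, str) and len(value) <= 256):
                problems.append(("tags", "value length must be 0-256"))
    return problems


def check_signing_key(key_metadata):
    """Compare a KMS DescribeKey KeyMetadata dict with the documented key requirements."""
    expected = {"KeySpec": "ECC_NIST_P384", "KeyUsage": "SIGN_VERIFY", "KeyManager": "CUSTOMER"}
    return [(k, "expected %s, got %r" % (v, key_metadata.get(k)))
            for k, v in expected.items() if key_metadata.get(k) != v]
```

Running both checks before the call surfaces problems locally instead of as a ValidationException, and keeps a key with the wrong spec or usage from being referenced in signingKeyInfo.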

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "arn": "string",
   "createdAt": number,
   "description": "string",
   "name": "string",
   "permit": {
      "actions": { ... },
      "conditions": [
         { ... }
      ],
      "resources": { ... }
   },
   "signingKeyInfo": { ... },
   "status": "string",
   "supportCaseDisplayId": "string",
   "tags": {
      "string" : "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

arn

The Amazon Resource Name (ARN) of the support permit.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: arn:[a-z0-9-]+:[a-z0-9-]+:[a-z0-9-]*:[0-9]{12}:.+

createdAt

The timestamp when the permit was created.

Type: Timestamp

description

The description of the support permit.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

name

The name of the support permit.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [a-zA-Z0-9]{1,256}

permit

The permit definition.

Type: Permit object

signingKeyInfo

The signing key information for the permit.

Type: SigningKeyInfo object

Note: This object is a Union. Only one member of this object can be specified or returned.

status

The current status of the support permit.

Type: String

Valid Values: ACTIVE | INACTIVE | DELETING

supportCaseDisplayId

The display identifier of the support case associated with the permit.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: [a-zA-Z0-9:/-]{1,512}

tags

The tags associated with the support permit.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Errors

For information about the errors that are common to all actions, see Common Error Types.

AccessDeniedException

You don't have sufficient permissions to perform this operation.

HTTP Status Code: 403

ConflictException

The request conflicts with the current state of the resource.

resourceId

The identifier of the resource that caused the conflict.

resourceType

The type of the resource that caused the conflict.

HTTP Status Code: 409

InternalServerException

An internal service error occurred. Try again later.

retryAfterSeconds

The number of seconds to wait before retrying the request.

HTTP Status Code: 500

ServiceQuotaExceededException

The request exceeds a service quota for your account.

quotaCode

The quota code of the exceeded quota.

resourceId

The identifier of the resource that exceeded the quota.

resourceType

The type of the resource that exceeded the quota.

serviceCode

The service code of the originating service.

HTTP Status Code: 402

ThrottlingException

The request rate exceeded the allowed limit. Try again later.

retryAfterSeconds

The number of seconds to wait before retrying the request.

HTTP Status Code: 429

ValidationException

The input fails to satisfy the constraints specified by the service.

fieldList

A list of fields that fail validation. Each entry identifies the field and the reason for the constraint violation.

HTTP Status Code: 400
