Creating a Version for a Specified Identity Policy

Function

This API is used to create a version for a specified identity policy.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
iam:policies:createVersionV5	Permission_management	policy *	-	-	-

URI

POST /v5/policies/{policy_id}/versions

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
policy_id	Yes	String	Identity policy ID. The value contains 1 to 64 characters, including only letters, digits, and hyphens (-).

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
policy_document	Yes	String	JSON format of the policy document of a custom or a preset identity policy. Characters =, <, >, (, ), and \| are special characters in the grammar and are not included in policies. The question mark (?) following an element indicates that the element is optional, for example, sid_block?. The vertical bar (\|) separates options, and the parentheses enclose the options, for example, ("Allow" \| "Deny"). When an element allows more than one value, use commas (,), and ellipsis (...), for example, [ <policy_statement>, <policy_statement>, ... ]. The following listing describes the policy language grammar: policy = { <version_block>, <statement_block> } <version_block> = "Version" : ("5.0") <statement_block> = "Statement" : [ <policy_statement>, <policy_statement>, ... ] <policy_statement> = { <sid_block?>, <effect_block>, <action_block>, <resource_block?>, <condition_block?> } <sid_block> = "Sid" : <sid_string> <effect_block> = "Effect" : ("Allow" \| "Deny") <action_block> = ("Action" \| "NotAction") : [ <action_string>, <action_string>, ... ] <resource_block> = ("Resource" \| "NotResource") : [ <resource_string>, <resource_string>, ... ] <condition_block> = "Condition" : { <condition_map> } <condition_map> = { <condition_type_string> : { <condition_key_string> : <condition_value_list> }, <condition_type_string> : { <condition_key_string> : <condition_value_list> }, ... } <condition_value_list> = ( <condition_value> \| [ <condition_value>, <condition_value>, ... ] ) <condition_value> = "string"
set_as_default	No	Boolean	Indicates whether to set the version as the default version. Default: false

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

policy_document

Yes

String

JSON format of the policy document of a custom or a preset identity policy. Characters =, <, >, (, ), and | are special characters in the grammar and are not included in policies.

The question mark (?) following an element indicates that the element is optional, for example, sid_block?.

The vertical bar (|) separates options, and the parentheses enclose the options, for example, ("Allow" | "Deny").

When an element allows more than one value, use commas (,), and ellipsis (...), for example, [ <policy_statement>, <policy_statement>, ... ].

The following listing describes the policy language grammar:

policy = {
  <version_block>,
  <statement_block>
}

<version_block> = "Version" : ("5.0")

<statement_block> = "Statement" : [ <policy_statement>, <policy_statement>, ... ]

<policy_statement> = {
  <sid_block?>,
  <effect_block>,
  <action_block>,
  <resource_block?>,
  <condition_block?>
}

<sid_block> = "Sid" : <sid_string>

<effect_block> = "Effect" : ("Allow" | "Deny")

<action_block> = ("Action" | "NotAction") : [ <action_string>, <action_string>, ... ]

<resource_block> = ("Resource" | "NotResource") : [ <resource_string>, <resource_string>, ... ]

<condition_block> = "Condition" : { <condition_map> }

<condition_map> = {
  <condition_type_string> : { <condition_key_string> : <condition_value_list> },
  <condition_type_string> : { <condition_key_string> : <condition_value_list> },
  ...
}

<condition_value_list> = ( <condition_value> | [ <condition_value>, <condition_value>, ... ] )

<condition_value> = "string"

set_as_default

Boolean

Indicates whether to set the version as the default version.

Default: false

Response Parameters

Status code: 201

**Table 3** Response body parameters
Parameter	Type	Description
policy_version	PolicyVersion object	Identity policy version.

**Table 4** PolicyVersion
Parameter	Type	Description
document	String	JSON format of the policy document of a custom or a preset identity policy. Characters =, <, >, (, ), and \| are special characters in the grammar and are not included in policies. The question mark (?) following an element indicates that the element is optional, for example, sid_block?. The vertical bar (\|) separates options, and the parentheses enclose the options, for example, ("Allow" \| "Deny"). When an element allows more than one value, use commas (,), and ellipsis (...), for example, [ <policy_statement>, <policy_statement>, ... ]. The following listing describes the policy language grammar: policy = { <version_block>, <statement_block> } <version_block> = "Version" : ("5.0") <statement_block> = "Statement" : [ <policy_statement>, <policy_statement>, ... ] <policy_statement> = { <sid_block?>, <effect_block>, <action_block>, <resource_block?>, <condition_block?> } <sid_block> = "Sid" : <sid_string> <effect_block> = "Effect" : ("Allow" \| "Deny") <action_block> = ("Action" \| "NotAction") : [ <action_string>, <action_string>, ... ] <resource_block> = ("Resource" \| "NotResource") : [ <resource_string>, <resource_string>, ... ] <condition_block> = "Condition" : { <condition_map> } <condition_map> = { <condition_type_string> : { <condition_key_string> : <condition_value_list> }, <condition_type_string> : { <condition_key_string> : <condition_value_list> }, ... } <condition_value_list> = ( <condition_value> \| [ <condition_value>, <condition_value>, ... ] ) <condition_value> = "string"
version_id	String	Identity policy version. The value is a character string starting with v and followed by digits, for example, v5.
is_default	Boolean	Indicates whether the version is the default version.
created_at	String	Time when an identity policy version was created.

Status code: 400

**Table 5** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.

Status code: 403

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Request ID.
encoded_authorization_message	String	Encrypted authentication failure information, which can be decrypted using the STS5 decryption API.

Status code: 404

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Request ID.

Status code: 409

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error message.
request_id	String	Request ID.

Example Requests

Creating a version for a specified identity policy and setting it as the default version

POST https://{endpoint}/v5/policies/{policy_id}/versions

{
  "policy_document" : "{\"Version\":\"5.0\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"*\"]}]}",
  "set_as_default" : true
}

Example Responses

Status code: 201

Successful

{
  "policy_version" : {
    "document" : "{\"Version\":\"5.0\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"*\"]}]}",
    "version_id" : "v2",
    "is_default" : true,
    "created_at" : "2023-09-25T08:00:51.537Z"
  }
}