Adding a Custom Identity Policy

Function

This API is used to add a custom identity policy to a specified permission set.

URI

PUT /v1/instances/{instance_id}/permission-sets/{permission_set_id}/custom-policy

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
instance_id	Yes	String	Globally unique ID of an IAM Identity Center instance
permission_set_id	Yes	String	Globally unique ID of a permission set

Request Parameters

**Table 2** Parameters in the request header
Parameter	Mandatory	Type	Description
X-Security-Token	No	String	Security token (session token) of your temporary security credentials. If a temporary security credential is used, this header is required. Maximum length: 2048

**Table 3** Parameters in the request body
Parameter	Mandatory	Type	Description
custom_policy	Yes	String	Custom identity policy added to the permission set Minimum length: 1 Maximum length: 131,072

Response Parameters

Status code: 400

**Table 4** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message
request_id	String	Unique ID of a request

Status code: 403

**Table 5** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message
request_id	String	Unique ID of a request

Status code: 409

**Table 6** Parameters in the response body
Parameter	Type	Description
error_code	String	Error code
error_msg	String	Error message
request_id	String	Unique ID of a request

Example Request

Adding a custom identity policy to a specified permission set

PUT https://{hostname}/v1/instances/{instance_id}/permission-sets/{permission_set_id}/custom-policy

{
  "custom_policy" : "{\"Version\":\"5.0\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":[\"organizations:ous:delete\"],\"Condition\":{\"StringEquals\":{\"g:ResourceAccount\":[\"0a6d25d23900d45c0faac010e0fb4de0\"]}}}]}"
}