AWS::APS::ResourcePolicyCfnResourcePolicy
Use resource-based policies to grant permissions to other AWS accounts or services to access your workspace. Only Prometheus-compatible APIs can be used for workspace sharing. You can add non-Prometheus-compatible APIs to the policy, but they will be ignored. For more information, see [Prometheus-compatible APIs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-APIReference-Prometheus-Compatible-Apis.html) in the *Amazon Managed Service for Prometheus User Guide* . If your workspace uses customer-managed AWS keys for encryption, you must grant the principals in your resource-based policy access to those AWS keys. You can do this by creating AWS grants. For more information, see [CreateGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html) in the *AWS API Reference* and [Encryption at rest](https://docs.aws.amazon.com/prometheus/latest/userguide/encryption-at-rest-Amazon-Service-Prometheus.html) in the *Amazon Managed Service for Prometheus User Guide* . For more information about working with IAM , see [Using Amazon Managed Service for Prometheus with IAM](https://docs.aws.amazon.com/prometheus/latest/userguide/security_iam_service-with-iam.html) in the *Amazon Managed Service for Prometheus User Guide* .
Import
import { CfnResourcePolicy } from 'aws-cdk-lib/aws-aps';Or use the module namespace:
import * as aps from 'aws-cdk-lib/aws-aps';
// aps.CfnResourcePolicyProperties
Configuration passed to the constructor as CfnResourcePolicyProps.
policyDocumentRequiredstringThe JSON to use as the Resource-based Policy.
workspaceArnRequiredstringAn ARN identifying a Workspace.
CloudFormation Resource
This L1 construct maps directly to the following CloudFormation resource type.
Learn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
aws-apsAWS::APS::ResourcePolicy