Available in Classic and VPC
Create a User Created policy.
Note
Up to 500 policies can be created.
Request
This section describes the request format. The method and URI are as follows:
| Method | URI |
|---|---|
| POST | /api/v1/policies |
Request headers
For information about the headers common to all Sub Account APIs, see Sub Account request headers.
Request body
You can include the following data in the body of your request:
| Field | Type | Required | Description |
|---|---|---|---|
policyName |
String | Required | Policy name
|
description |
String | Optional | Description of the policy (byte)
|
permissions |
Array | Required | Allowed permission list |
tags |
Map | Optional | Policy's tag
|
permissions
The following describes permissions.
| Field | Type | Required | Description |
|---|---|---|---|
effect |
String | Required | Permission allowance
|
targets |
Array | Required | Permission allowance target |
condition |
Object | Optional | Policy condition |
condition.{operator} |
Object | Optional | Policy condition operator |
condition.{operator}.{key} |
Object | Optional | Policy condition key |
condition.{operator}.{value} |
Array | Optional | Policy condition value |
targets
The following describes targets.
| Field | Type | Required | Description |
|---|---|---|---|
product |
String | Required | Allowable service code |
actions |
Array | Required | Allowable action
|
resourceNrns |
Array | Required | NAVER Cloud Platform resource identification value for the allowable target
|
Request example
The request example is as follows:
curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/policies' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
"policyName": "mypolicy2",
"permissions": [
{
"effect": "Allow",
"targets": [
{
"product": "AiTEMS",
"actions": [
"View*", "Change*"
],
"resourceNrns": [
"*"
]
}
]
}
],
"tags": {
"env": "dev",
"team": "a"
}
}
Response
This section describes the response format.
Response body
The response body includes the following data:
| Field | Type | Required | Description |
|---|---|---|---|
policyId |
String | - | Policy ID |
policyName |
String | - | Policy Name |
description |
String | - | Policy description |
validationResult |
Object | - | Validity check results |
validationResult.details |
Array | - | Validity check detailed results |
validationResult.success |
Boolean | - | Validity check results
|
tags |
Map | - | Policy's tag |
validationResult.details
The following describes validationResult.details.
| Field | Type | Required | Description |
|---|---|---|---|
type |
String | - | Check result type
|
code |
String | - | Detailed code |
location |
String | - | Check location |
message |
String | - | Check result message |
Response status codes
For information about the HTTP status codes common to all Sub Account APIs, see Sub Account response status codes.
Response example
The response example is as follows:
{
"policyId": "ec5a5dd0-****-****-****-246e966ebeb4",
"policyName": "mypolicy2",
"validationResult": {
"details": [],
"success": true
},
"tags": {
"env": "dev",
"team": "a"
}
}