You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::IAM::Policy

Inherits:
Object
  • Object
show all
Defined in:
gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb

Defined Under Namespace

Classes: Collection

Actions collapse

Associations collapse

Read-Only Attributes collapse

Instance Method Summary collapse

Constructor Details

#initialize(arn, options = {}) ⇒ Policy #initialize(options = {}) ⇒ Policy

Returns a new instance of Policy

Overloads:

  • #initialize(arn, options = {}) ⇒ Policy

    Parameters:

    • arn (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ Policy

    Options Hash (options):

    • :arn (required, String)
    • :client (Client)


19
20
21
22
23
24
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @arn = extract_arn(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
end

Instance Method Details

#arnString

Returns:

  • (String)


29
30
31
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 29

def arn
  @arn
end

#attach_group(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.attach_group({
  group_name: "groupNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :group_name (required, String)

    The name (friendly name, not ARN) of the group to attach the policy to.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


178
179
180
181
182
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 178

def attach_group(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_group_policy(options)
  resp.data
end

#attach_role(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.attach_role({
  role_name: "roleNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :role_name (required, String)

    The name (friendly name, not ARN) of the role to attach the policy to.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Returns:

  • (EmptyStructure)


202
203
204
205
206
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 202

def attach_role(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_role_policy(options)
  resp.data
end

#attach_user(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.attach_user({
  user_name: "userNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :user_name (required, String)

    The name (friendly name, not ARN) of the IAM user to attach the policy to.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


227
228
229
230
231
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 227

def attach_user(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_user_policy(options)
  resp.data
end

#attached_groups(options = {}) ⇒ Group::Collection

Examples:

Request syntax with placeholder values


attached_groups = policy.attached_groups({
  path_prefix: "pathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

    This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 390

def attached_groups(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "Group"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_groups.each do |p|
        batch << Group.new(
          name: p.group_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Group::Collection.new(batches)
end

#attached_roles(options = {}) ⇒ Role::Collection

Examples:

Request syntax with placeholder values


attached_roles = policy.attached_roles({
  path_prefix: "pathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

    This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 434

def attached_roles(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "Role"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_roles.each do |p|
        batch << Role.new(
          name: p.role_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Role::Collection.new(batches)
end

#attached_users(options = {}) ⇒ User::Collection

Examples:

Request syntax with placeholder values


attached_users = policy.attached_users({
  path_prefix: "pathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

    This paramater allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) thru the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:



478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 478

def attached_users(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "User"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_users.each do |p|
        batch << User.new(
          name: p.user_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  User::Collection.new(batches)
end

#attachment_countInteger

The number of entities (users, groups, and roles) that the policy is attached to.

Returns:

  • (Integer)


75
76
77
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 75

def attachment_count
  data.attachment_count
end

#clientClient

Returns:



125
126
127
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 125

def client
  @client
end

#create_dateTime

The date and time, in ISO 8601 date-time format, when the policy was created.

Returns:

  • (Time)


102
103
104
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 102

def create_date
  data.create_date
end

#create_version(options = {}) ⇒ PolicyVersion

Examples:

Request syntax with placeholder values


policyversion = policy.create_version({
  policy_document: "policyDocumentType", # required
  set_as_default: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :policy_document (required, String)

    The JSON policy document that you want to use as the content for this new version of the policy.

    The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).

  • :set_as_default (Boolean)

    Specifies whether to set this version as the policy's default version.

    When this parameter is true, the new policy version becomes the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

    For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.

Returns:



270
271
272
273
274
275
276
277
278
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 270

def create_version(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.create_policy_version(options)
  PolicyVersion.new(
    arn: @arn,
    version_id: resp.data.policy_version.version_id,
    client: @client
  )
end

#dataTypes::Policy

Returns the data for this Aws::IAM::Policy. Calls Client#get_policy if #data_loaded? is false.

Returns:



145
146
147
148
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 145

def data
  load unless @data
  @data
end

#data_loaded?Boolean

Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



153
154
155
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 153

def data_loaded?
  !!@data
end

#default_versionPolicyVersion?

Returns:



501
502
503
504
505
506
507
508
509
510
511
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 501

def default_version
  if data.default_version_id
    PolicyVersion.new(
      arn: @arn,
      version_id: data.default_version_id,
      client: @client
    )
  else
    nil
  end
end

#default_version_idString

The identifier for the version of the policy that is set as the default version.

Returns:

  • (String)


68
69
70
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 68

def default_version_id
  data.default_version_id
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.delete()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:

  • (EmptyStructure)


285
286
287
288
289
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 285

def delete(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.delete_policy(options)
  resp.data
end

#descriptionString

A friendly description of the policy.

This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

Returns:

  • (String)


91
92
93
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 91

def description
  data.description
end

#detach_group(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.detach_group({
  group_name: "groupNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :group_name (required, String)

    The name (friendly name, not ARN) of the IAM group to detach the policy from.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


310
311
312
313
314
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 310

def detach_group(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_group_policy(options)
  resp.data
end

#detach_role(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.detach_role({
  role_name: "roleNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :role_name (required, String)

    The name (friendly name, not ARN) of the IAM role to detach the policy from.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Returns:

  • (EmptyStructure)


335
336
337
338
339
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 335

def detach_role(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_role_policy(options)
  resp.data
end

#detach_user(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.detach_user({
  user_name: "userNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :user_name (required, String)

    The name (friendly name, not ARN) of the IAM user to detach the policy from.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


360
361
362
363
364
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 360

def detach_user(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_user_policy(options)
  resp.data
end

#is_attachableBoolean

Specifies whether the policy can be attached to an IAM user, group, or role.

Returns:

  • (Boolean)


82
83
84
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 82

def is_attachable
  data.is_attachable
end

#loadself Also known as: reload

Loads, or reloads #data for the current Aws::IAM::Policy. Returns self making it possible to chain methods.

policy.reload.data

Returns:

  • (self)


135
136
137
138
139
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 135

def load
  resp = @client.get_policy(policy_arn: @arn)
  @data = resp.policy
  self
end

#pathString

The path to the policy.

For more information about paths, see IAM Identifiers in the Using IAM guide.

Returns:

  • (String)


61
62
63
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 61

def path
  data.path
end

#policy_idString

The stable and unique string identifying the policy.

For more information about IDs, see IAM Identifiers in the Using IAM guide.

Returns:

  • (String)


48
49
50
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 48

def policy_id
  data.policy_id
end

#policy_nameString

The friendly name (not ARN) identifying the policy.

Returns:

  • (String)


35
36
37
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 35

def policy_name
  data.policy_name
end

#update_dateTime

The date and time, in ISO 8601 date-time format, when the policy was last updated.

When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

Returns:

  • (Time)


118
119
120
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 118

def update_date
  data.update_date
end

#versions(options = {}) ⇒ PolicyVersion::Collection

Examples:

Request syntax with placeholder values


policy.versions()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:



518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 518

def versions(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(policy_arn: @arn)
    resp = @client.list_policy_versions(options)
    resp.each_page do |page|
      batch = []
      page.data.versions.each do |v|
        batch << PolicyVersion.new(
          arn: @arn,
          version_id: v.version_id,
          data: v,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  PolicyVersion::Collection.new(batches)
end