You are viewing documentation for version 3 of the AWS SDK for Ruby. Version 2 documentation can be found here.

Class: Aws::IAM::Policy

Inherits:
Object
  • Object
Defined in:
gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb

Defined Under Namespace

Classes: Collection


Constructor Details

#initialize(arn, options = {}) ⇒ Policy
#initialize(options = {}) ⇒ Policy

Returns a new instance of Policy

Overloads:

  • #initialize(arn, options = {}) ⇒ Policy

    Parameters:

    • arn (String)

    Options Hash (options):

  • #initialize(options = {}) ⇒ Policy

    Options Hash (options):

    • :arn (required, String)
    • :client (Client)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 19

def initialize(*args)
  options = Hash === args.last ? args.pop.dup : {}
  @arn = extract_arn(args, options)
  @data = options.delete(:data)
  @client = options.delete(:client) || Client.new(options)
end

Instance Method Details

#arn ⇒ String

Returns:

  • (String)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 29

def arn
  @arn
end

#attach_group(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.attach_group({
  group_name: "groupNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :group_name (required, String)

    The name (friendly name, not ARN) of the group to attach the policy to.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 273

def attach_group(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_group_policy(options)
  resp.data
end

#attach_role(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.attach_role({
  role_name: "roleNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :role_name (required, String)

    The name (friendly name, not ARN) of the role to attach the policy to.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 297

def attach_role(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_role_policy(options)
  resp.data
end

#attach_user(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.attach_user({
  user_name: "userNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :user_name (required, String)

    The name (friendly name, not ARN) of the IAM user to attach the policy to.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 322

def attach_user(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.attach_user_policy(options)
  resp.data
end

#attached_groups(options = {}) ⇒ Group::Collection

Examples:

Request syntax with placeholder values


attached_groups = policy.attached_groups({
  path_prefix: "pathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

    This parameter allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:

  • (Group::Collection)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 485

def attached_groups(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "Group"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_groups.each do |p|
        batch << Group.new(
          name: p.group_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Group::Collection.new(batches)
end

#attached_roles(options = {}) ⇒ Role::Collection

Examples:

Request syntax with placeholder values


attached_roles = policy.attached_roles({
  path_prefix: "pathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

    This parameter allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:

  • (Role::Collection)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 529

def attached_roles(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "Role"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_roles.each do |p|
        batch << Role.new(
          name: p.role_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  Role::Collection.new(batches)
end

#attached_users(options = {}) ⇒ User::Collection

Examples:

Request syntax with placeholder values


attached_users = policy.attached_users({
  path_prefix: "pathType",
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :path_prefix (String)

    The path prefix for filtering the results. This parameter is optional. If it is not included, it defaults to a slash (/), listing all entities.

    This parameter allows (per its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes, containing any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Returns:

  • (User::Collection)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 573

def attached_users(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(
      policy_arn: @arn,
      entity_filter: "User"
    )
    resp = @client.list_entities_for_policy(options)
    resp.each_page do |page|
      batch = []
      page.data.policy_users.each do |p|
        batch << User.new(
          name: p.user_name,
          data: p,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  User::Collection.new(batches)
end

#attachment_count ⇒ Integer

The number of entities (users, groups, and roles) that the policy is attached to.

Returns:

  • (Integer)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 75

def attachment_count
  data[:attachment_count]
end

#client ⇒ Client

Returns:

  • (Client)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 125

def client
  @client
end

#create_date ⇒ Time

The date and time, in ISO 8601 date-time format, when the policy was created.

Returns:

  • (Time)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 102

def create_date
  data[:create_date]
end

#create_version(options = {}) ⇒ PolicyVersion

Examples:

Request syntax with placeholder values


policyversion = policy.create_version({
  policy_document: "policyDocumentType", # required
  set_as_default: false,
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :policy_document (required, String)

    The JSON policy document that you want to use as the content for this new version of the policy.

    The regex pattern used to validate this parameter is a string of characters consisting of any printable ASCII character ranging from the space character (\u0020) through end of the ASCII character range as well as the printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF). It also includes the special characters tab (\u0009), line feed (\u000A), and carriage return (\u000D).

  • :set_as_default (Boolean)

    Specifies whether to set this version as the policy's default version.

    When this parameter is true, the new policy version becomes the operative version; that is, the version that is in effect for the IAM users, groups, and roles that the policy is attached to.

    For more information about managed policy versions, see Versioning for Managed Policies in the IAM User Guide.

Returns:

  • (PolicyVersion)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 365

def create_version(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.create_policy_version(options)
  PolicyVersion.new(
    arn: @arn,
    version_id: resp.data.policy_version.version_id,
    client: @client
  )
end
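
A pre-flight check for the set_as_default behaviour described above, as an added example (not part of the SDK or of this reference): the new version is made operative only when the document has no bare-wildcard Allow statement, and the result reports how many entities the policy is attached to. wildcard_findings, create_reviewed_version and FakePolicy are hypothetical names, and the two sample documents are constructed.

```ruby
require "json"

# Flags Allow statements whose Action or Resource is the bare wildcard "*".
def wildcard_findings(policy_document)
  statements = JSON.parse(policy_document).fetch("Statement")
  statements = [statements] unless statements.is_a?(Array) # single-object form
  statements.each_with_index.flat_map do |stmt, i|
    next [] unless stmt["Effect"] == "Allow"
    %w[Action Resource].filter_map do |key|
      "Statement[#{i}] allows #{key} \"*\"" if Array(stmt[key]).include?("*")
    end
  end
end

# Always stages the new version; it becomes the default only when the caller
# asked for that AND the review is clean. `policy` is any object responding to
# #attachment_count and #create_version, as Aws::IAM::Policy does.
def create_reviewed_version(policy, policy_document, set_as_default: false)
  findings = wildcard_findings(policy_document)
  promote = set_as_default && findings.empty?
  version = policy.create_version(policy_document: policy_document,
                                  set_as_default: promote)
  # attachment_count = users, groups and roles a default version would affect
  { version: version, promoted: promote, findings: findings,
    attached: policy.attachment_count }
end

# Constructed stand-in for Aws::IAM::Policy so the example runs offline.
FakePolicy = Struct.new(:attachment_count, :calls) do
  def create_version(options)
    calls << options
    "v#{calls.size + 1}" # placeholder for the returned PolicyVersion
  end
end

# Constructed sample documents.
BROAD = JSON.generate({
  "Version" => "2012-10-17",
  "Statement" => { "Effect" => "Allow", "Action" => "*", "Resource" => "*" }
})
SCOPED = JSON.generate({
  "Version" => "2012-10-17",
  "Statement" => [{ "Effect" => "Allow", "Action" => ["s3:GetObject"],
                    "Resource" => "arn:aws:s3:::example-bucket/*" }]
})

result = create_reviewed_version(FakePolicy.new(3, []), BROAD, set_as_default: true)
puts "promoted=#{result[:promoted]} attached=#{result[:attached]}"
puts result[:findings]
```

With a real Aws::IAM::Policy in place of FakePolicy, a version that fails the review is still created but left non-default, so it can be inspected through #versions before anyone promotes it.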

#data ⇒ Types::Policy

Returns the data for this Aws::IAM::Policy. Calls Client#get_policy if #data_loaded? is false.

Returns:

  • (Types::Policy)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 145

def data
  load unless @data
  @data
end

#data_loaded? ⇒ Boolean

Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.

Returns:

  • (Boolean)

    Returns true if this resource is loaded. Accessing attributes or #data on an unloaded resource will trigger a call to #load.



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 153

def data_loaded?
  !!@data
end

#default_version ⇒ PolicyVersion?

Returns:

  • (PolicyVersion, nil)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 596

def default_version
  if data[:default_version_id]
    PolicyVersion.new(
      arn: @arn,
      version_id: data[:default_version_id],
      client: @client
    )
  else
    nil
  end
end

#default_version_id ⇒ String

The identifier for the version of the policy that is set as the default version.

Returns:

  • (String)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 68

def default_version_id
  data[:default_version_id]
end

#delete(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.delete()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 380

def delete(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.delete_policy(options)
  resp.data
end

#description ⇒ String

A friendly description of the policy.

This element is included in the response to the GetPolicy operation. It is not included in the response to the ListPolicies operation.

Returns:

  • (String)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 91

def description
  data[:description]
end

#detach_group(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.detach_group({
  group_name: "groupNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :group_name (required, String)

    The name (friendly name, not ARN) of the IAM group to detach the policy from.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 405

def detach_group(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_group_policy(options)
  resp.data
end

#detach_role(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.detach_role({
  role_name: "roleNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :role_name (required, String)

    The name (friendly name, not ARN) of the IAM role to detach the policy from.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 430

def detach_role(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_role_policy(options)
  resp.data
end

#detach_user(options = {}) ⇒ EmptyStructure

Examples:

Request syntax with placeholder values


policy.detach_user({
  user_name: "userNameType", # required
})

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Options Hash (options):

  • :user_name (required, String)

    The name (friendly name, not ARN) of the IAM user to detach the policy from.

    This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

Returns:

  • (EmptyStructure)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 455

def detach_user(options = {})
  options = options.merge(policy_arn: @arn)
  resp = @client.detach_user_policy(options)
  resp.data
end

#is_attachable ⇒ Boolean

Specifies whether the policy can be attached to an IAM user, group, or role.

Returns:

  • (Boolean)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 82

def is_attachable
  data[:is_attachable]
end

#load ⇒ self

Also known as: reload

Loads, or reloads #data for the current Aws::IAM::Policy. Returns self making it possible to chain methods.

policy.reload.data

Returns:

  • (self)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 135

def load
  resp = @client.get_policy(policy_arn: @arn)
  @data = resp.policy
  self
end

#path ⇒ String

The path to the policy.

For more information about paths, see IAM Identifiers in the Using IAM guide.

Returns:

  • (String)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 61

def path
  data[:path]
end

#policy_id ⇒ String

The stable and unique string identifying the policy.

For more information about IDs, see IAM Identifiers in the Using IAM guide.

Returns:

  • (String)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 48

def policy_id
  data[:policy_id]
end

#policy_name ⇒ String

The friendly name (not ARN) identifying the policy.

Returns:

  • (String)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 35

def policy_name
  data[:policy_name]
end

#update_date ⇒ Time

The date and time, in ISO 8601 date-time format, when the policy was last updated.

When a policy has only one version, this field contains the date and time when the policy was created. When a policy has more than one version, this field contains the date and time when the most recent policy version was created.

Returns:

  • (Time)


# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 118

def update_date
  data[:update_date]
end

#versions(options = {}) ⇒ PolicyVersion::Collection

Examples:

Request syntax with placeholder values


policy.versions()

Parameters:

  • options (Hash) (defaults to: {})

    ({})

Returns:

  • (PolicyVersion::Collection)



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 613

def versions(options = {})
  batches = Enumerator.new do |y|
    options = options.merge(policy_arn: @arn)
    resp = @client.list_policy_versions(options)
    resp.each_page do |page|
      batch = []
      page.data.versions.each do |v|
        batch << PolicyVersion.new(
          arn: @arn,
          version_id: v.version_id,
          data: v,
          client: @client
        )
      end
      y.yield(batch)
    end
  end
  PolicyVersion::Collection.new(batches)
end

#wait_until(options = {}, &block) ⇒ Resource

Deprecated.

Use Aws::IAM::Client#wait_until instead.

Note:

The waiting operation is performed on a copy. The original resource remains unchanged.

Waiter polls an API operation until a resource enters a desired state.

Basic Usage

The waiter polls until it is successful, until it fails by entering a terminal state, or until a maximum number of attempts are made.

# polls in a loop until condition is true
resource.wait_until(options) {|resource| condition}

Example

instance.wait_until(max_attempts:10, delay:5) {|instance| instance.state.name == 'running' }

Configuration

You can configure the maximum number of polling attempts, and the delay (in seconds) between each polling attempt. The waiting condition is set by passing a block to #wait_until:

# poll for ~25 seconds
resource.wait_until(max_attempts:5,delay:5) {|resource|...}

Callbacks

You can be notified before each polling attempt and before each delay. If you throw :success or :failure from these callbacks, it will terminate the waiter.

started_at = Time.now
# poll for 1 hour, instead of a number of attempts
proc = Proc.new do |attempts, response|
  throw :failure if Time.now - started_at > 3600
end

# disable max attempts
instance.wait_until(before_wait:proc, max_attempts:nil) {...}

Handling Errors

When a waiter is successful, it returns the Resource. When a waiter fails, it raises an error.

begin
  resource.wait_until(...)
rescue Aws::Waiters::Errors::WaiterFailed
  # resource did not enter the desired state in time
end

Parameters:

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • :max_attempts (Integer) — default: 10

    Maximum number of attempts

  • :delay (Integer) — default: 10

    Delay between each attempt in seconds

  • :before_attempt (Proc) — default: nil

    Callback invoked before each attempt

  • :before_wait (Proc) — default: nil

    Callback invoked before each wait

Returns:

  • (Resource)

    if the waiter was successful

Raises:

  • (Aws::Waiters::Errors::FailureStateError)

    Raised when the waiter terminates because the waiter has entered a state that it will not transition out of, preventing success.

    yet successful.

  • (Aws::Waiters::Errors::UnexpectedError)

    Raised when an error is encountered while polling for a resource that is not expected.

  • (NotImplementedError)

    Raised when the resource does not



# File 'gems/aws-sdk-iam/lib/aws-sdk-iam/policy.rb', line 235

def wait_until(options = {}, &block)
  self_copy = self.dup
  attempts = 0
  options[:max_attempts] = 10 unless options.key?(:max_attempts)
  options[:delay] ||= 10
  options[:poller] = Proc.new do
    attempts += 1
    if block.call(self_copy)
      [:success, self_copy]
    else
      self_copy.reload unless attempts == options[:max_attempts]
      :retry
    end
  end
  Aws::Waiters::Waiter.new(options).wait({})
end