class PolicyDocument

Language	Type name
.NET	`Amazon.CDK.AWS.IAM.PolicyDocument`
Java	`software.amazon.awscdk.services.iam.PolicyDocument`
Python	`aws_cdk.aws_iam.PolicyDocument`
TypeScript (source)	`@aws-cdk/aws-iam` » `PolicyDocument`

Implements IResolvable

A PolicyDocument is a collection of statements.

Example

const myTrustedAdminRole = iam.Role.fromRoleArn(this, 'TrustedRole', 'arn:aws:iam:....');
// Creates a limited admin policy and assigns to the account root.
const myCustomPolicy = new iam.PolicyDocument({
  statements: [new iam.PolicyStatement({
    actions: [
      'kms:Create*',
      'kms:Describe*',
      'kms:Enable*',
      'kms:List*',
      'kms:Put*',
    ],
    principals: [new iam.AccountRootPrincipal()],
    resources: ['*'],
  })],
});
const key = new kms.Key(this, 'MyKey', {
  policy: myCustomPolicy,
});

Initializer

new PolicyDocument(props?: PolicyDocumentProps)

Parameters

props PolicyDocumentProps

Properties

Name	Type	Description
creationStack	`string[]`	The creation stack of this resolvable which will be appended to errors thrown during resolution.
isEmpty	`boolean`	Whether the policy document contains any statements.
statementCount	`number`	The number of statements already added to this policy.

creationStack

Type: string[]

The creation stack of this resolvable which will be appended to errors thrown during resolution.

This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.

isEmpty

Type: boolean

Whether the policy document contains any statements.

statementCount

Type: number

The number of statements already added to this policy.

Can be used, for example, to generate unique "sid"s within the policy.

Methods

Name	Description
addStatements(...statement)	Adds a statement to the policy document.
resolve(context)	Produce the Token's value at resolution time.
toJSON()	JSON-ify the document.
toString()	Encode the policy document as a string.
validateForAnyPolicy()	Validate that all policy statements in the policy document satisfies the requirements for any policy.
validateForIdentityPolicy()	Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.
validateForResourcePolicy()	Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.
static fromJson(obj)	Creates a new PolicyDocument based on the object provided.

addStatements(...statement)

public addStatements(...statement: PolicyStatement[]): void

Parameters

statement PolicyStatement — the statement to add.

Adds a statement to the policy document.

resolve(context)

public resolve(context: IResolveContext): any

Parameters

context IResolveContext

Returns

any

Produce the Token's value at resolution time.

toJSON()

public toJSON(): any

Returns

any

JSON-ify the document.

Used when JSON.stringify() is called

toString()

public toString(): string

Returns

string

Encode the policy document as a string.

validateForAnyPolicy()

public validateForAnyPolicy(): string[]

Returns

string[]

Validate that all policy statements in the policy document satisfies the requirements for any policy.

validateForIdentityPolicy()

public validateForIdentityPolicy(): string[]

Returns

string[]

Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.

validateForResourcePolicy()

public validateForResourcePolicy(): string[]

Returns

string[]

Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.

static fromJson(obj)

public static fromJson(obj: any): PolicyDocument

Parameters

obj any — the PolicyDocument in object form.

Returns

PolicyDocument

Creates a new PolicyDocument based on the object provided.

This will accept an object created from the .toJSON() call