Properties for defining an IAM inline policy document.
|document?||Initial PolicyDocument to use for this Policy.|
|force?||Force creation of an |
|groups?||Groups to attach this policy to.|
|policy||The name of the policy.|
|roles?||Roles to attach this policy to.|
|statements?||Initial set of permissions to add to this policy document.|
|users?||Users to attach this policy to.|
(optional, default: An empty policy.)
Initial PolicyDocument to use for this Policy.
If omited, any
PolicyStatement provided in the
statements property will be applied
against the empty default
(optional, default: false)
Force creation of an
Unless set to
Policy construct will not materialize to an
AWS::IAM::Policy CloudFormation resource in case it would have no effect
(for example, if it remains unattached to an IAM identity or if it has no
statements). This is generally desired behavior, since it prevents
creating invalid--and hence undeployable--CloudFormation templates.
In cases where you know the policy must be created and it is actually
an error if no statements have been added to it, you can se this to
(optional, default: No groups.)
Groups to attach this policy to.
You can also use
attachToGroup(group) to attach this policy to a group.
(optional, default: Uses the logical ID of the policy resource, which is ensured
to be unique within the stack.)
The name of the policy.
If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.