Interface IPolicyProps
Properties for defining an IAM inline policy document.
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IPolicyProps
Syntax (vb)
Public Interface IPolicyProps
Remarks
ExampleMetadata: infused
Examples
Resource books;
User iamUser;

var getBooks = books.AddMethod("GET", new HttpIntegration("http://amazon.com"), new MethodOptions {
    AuthorizationType = AuthorizationType.IAM
});

iamUser.AttachInlinePolicy(new Policy(this, "AllowBooks", new PolicyProps {
    Statements = new [] {
        new PolicyStatement(new PolicyStatementProps {
            Actions = new [] { "execute-api:Invoke" },
            Effect = Effect.ALLOW,
            Resources = new [] { getBooks.MethodArn }
        })
    }
}));
Synopsis
Properties
Document | Initial PolicyDocument to use for this Policy. |
Force | Force creation of an AWS::IAM::Policy. |
Groups | Groups to attach this policy to. |
PolicyName | The name of the policy. |
Roles | Roles to attach this policy to. |
Statements | Initial set of permissions to add to this policy document. |
Users | Users to attach this policy to. |
Properties
Document
Initial PolicyDocument to use for this Policy.
virtual PolicyDocument Document { get; }
Property Value
PolicyDocument
Remarks
If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.
Default: - An empty policy.
Force
Force creation of an AWS::IAM::Policy.
virtual Nullable<bool> Force { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Unless set to true, this Policy construct will not materialize to an AWS::IAM::Policy CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid--and hence undeployable--CloudFormation templates.
In cases where you know the policy must be created and it is actually an error if no statements have been added to it or it remains unattached to an IAM identity, you can set this to true.
Default: false
Groups
Groups to attach this policy to.
virtual IGroup[] Groups { get; }
Property Value
IGroup[]
Remarks
You can also use attachToGroup(group) to attach this policy to a group.
Default: - No groups.
PolicyName
The name of the policy.
virtual string PolicyName { get; }
Property Value
System.String
Remarks
If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.
Default: - Uses the logical ID of the policy resource, which is ensured to be unique within the stack.
Roles
Roles to attach this policy to.
virtual IRole[] Roles { get; }
Property Value
IRole[]
Remarks
You can also use attachToRole(role) to attach this policy to a role.
Default: - No roles.
Statements
Initial set of permissions to add to this policy document.
virtual PolicyStatement[] Statements { get; }
Property Value
PolicyStatement[]
Remarks
You can also use addStatements(...statement) to add permissions later.
Default: - No statements.
Users
Users to attach this policy to.
virtual IUser[] Users { get; }
Property Value
IUser[]
Remarks
You can also use attachToUser(user) to attach this policy to a user.
Default: - No users.
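The following is an added example, not taken from the CDK documentation: a stack that sets PolicyName, Roles, Groups, Statements and Force together and then extends the policy with AddStatements, keeping the grant scoped to one action and one resource prefix. The stack name, construct IDs, policy name and bucket ARN are constructed placeholders.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

public class ReportingAccessStack : Stack
{
    public ReportingAccessStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Identities that receive the inline policy (hypothetical names).
        var role = new Role(this, "ReportReaderRole", new RoleProps {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });
        var auditors = new Group(this, "Auditors");

        // Constructed placeholder ARN: one prefix in one bucket, not "*".
        var reportObjects = "arn:aws:s3:::example-reports-bucket/reports/*";

        var policy = new Policy(this, "ReadReports", new PolicyProps {
            // Explicit name; must be unique among the policies on each identity.
            PolicyName = "read-reports",
            Roles = new IRole[] { role },
            Groups = new IGroup[] { auditors },
            Statements = new [] {
                new PolicyStatement(new PolicyStatementProps {
                    Effect = Effect.ALLOW,
                    Actions = new [] { "s3:GetObject" },
                    Resources = new [] { reportObjects }
                })
            },
            // Treat an empty or unattached policy as an error instead of
            // letting the construct silently drop out of the template.
            Force = true
        });

        // Permissions added after construction land in the same policy document.
        policy.AddStatements(new PolicyStatement(new PolicyStatementProps {
            Effect = Effect.DENY,
            Actions = new [] { "s3:GetObject" },
            Resources = new [] { reportObjects },
            Conditions = new Dictionary<string, object> {
                ["Bool"] = new Dictionary<string, object> { ["aws:SecureTransport"] = "false" }
            }
        }));
    }
}
```

With Force left at its default of false, removing both the Roles and Groups entries would make the policy disappear from the synthesized template without an error, which is easy to miss in review.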