
Class PolicyStatement

Represents a statement in an IAM policy document.

Inheritance
System.Object
PolicyStatement
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class PolicyStatement : DeputyBase
Syntax (vb)
Public Class PolicyStatement
    Inherits DeputyBase

Synopsis

Constructors

PolicyStatement(IPolicyStatementProps)
PolicyStatement(ByRefValue)

Used by jsii to construct an instance of this class from a JavaScript-owned object reference.

PolicyStatement(DeputyBase.DeputyProps)

Used by jsii to construct an instance of this class from DeputyProps

Properties

Effect

Whether to allow or deny the actions in this statement.

HasPrincipal

Indicates if this permission has a "Principal" section.

HasResource

Indicates if this permission has at least one resource associated with it.

Sid

Statement ID for this statement.

Methods

AddAccountCondition(String)

Add a condition that limits to a given account.

AddAccountRootPrincipal()

Adds an AWS account root user principal to this policy statement.

AddActions(String[])

Specify allowed actions in the "Action" section of the policy statement.

AddAllResources()

Adds a "*" resource to this statement.

AddAnyPrincipal()

Adds all identities in all accounts ("*") to this policy statement.

AddArnPrincipal(String)

Specify a principal using the ARN identifier of the principal.

AddAwsAccountPrincipal(String)

Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.

AddCanonicalUserPrincipal(String)

Adds a canonical user ID principal to this policy document.

AddCondition(String, Object)

Add a condition to the Policy.

AddConditions(IDictionary<String, Object>)

Add multiple conditions to the Policy.

AddFederatedPrincipal(Object, IDictionary<String, Object>)

Adds a federated identity provider such as Amazon Cognito to this policy statement.

AddNotActions(String[])

Explicitly allow all actions except the specified list of actions, which goes in the "NotAction" section of the policy document.

AddNotPrincipals(IPrincipal[])

Specify principals that are not allowed or denied access in the "NotPrincipal" section of a policy statement.

AddNotResources(String[])

Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement.

AddPrincipals(IPrincipal[])

Adds principals to the "Principal" section of a policy statement.

AddResources(String[])

Specify resources that this policy statement applies to in the "Resource" section of this policy statement.

AddServicePrincipal(String, IServicePrincipalOpts)

Adds a service principal to this policy statement.

FromJson(Object)

Creates a new PolicyStatement based on the object provided.

ToJSON()

JSON-ify the statement.

ToStatementJson()

JSON-ify the policy statement.

ToString()

String representation of this policy statement.

ValidateForAnyPolicy()

Validate that the policy statement satisfies base requirements for a policy.

ValidateForIdentityPolicy()

Validate that the policy statement satisfies all requirements for an identity-based policy.

ValidateForResourcePolicy()

Validate that the policy statement satisfies all requirements for a resource-based policy.

Constructors

PolicyStatement(IPolicyStatementProps)

public PolicyStatement(IPolicyStatementProps props = null)
Parameters
props IPolicyStatementProps

PolicyStatement(ByRefValue)

Used by jsii to construct an instance of this class from a JavaScript-owned object reference.

protected PolicyStatement(ByRefValue reference)
Parameters
reference Amazon.JSII.Runtime.Deputy.ByRefValue

The JavaScript-owned object reference

PolicyStatement(DeputyBase.DeputyProps)

Used by jsii to construct an instance of this class from DeputyProps

protected PolicyStatement(DeputyBase.DeputyProps props)
Parameters
props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps

The deputy props

Properties

Effect

Whether to allow or deny the actions in this statement.

public virtual Effect Effect { get; set; }
Property Value

Effect

HasPrincipal

Indicates if this permission has a "Principal" section.

public virtual bool HasPrincipal { get; }
Property Value

System.Boolean

HasResource

Indicates if this permission has at least one resource associated with it.

public virtual bool HasResource { get; }
Property Value

System.Boolean

Sid

Statement ID for this statement.

public virtual string Sid { get; set; }
Property Value

System.String

Methods

AddAccountCondition(String)

Add a condition that limits to a given account.

public virtual void AddAccountCondition(string accountId)
Parameters
accountId System.String

AddAccountRootPrincipal()

Adds an AWS account root user principal to this policy statement.

public virtual void AddAccountRootPrincipal()

AddActions(String[])

Specify allowed actions in the "Action" section of the policy statement.

public virtual void AddActions(params string[] actions)
Parameters
actions System.String[]

actions that will be allowed.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html

AddAllResources()

Adds a "*" resource to this statement.

public virtual void AddAllResources()

AddAnyPrincipal()

Adds all identities in all accounts ("*") to this policy statement.

public virtual void AddAnyPrincipal()

AddArnPrincipal(String)

Specify a principal using the ARN identifier of the principal.

public virtual void AddArnPrincipal(string arn)
Parameters
arn System.String

ARN identifier of an AWS account, IAM user, or IAM role (e.g. arn:aws:iam::123456789012:user/user-name).

Remarks

You cannot specify IAM groups and instance profiles as principals.

AddAwsAccountPrincipal(String)

Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.

public virtual void AddAwsAccountPrincipal(string accountId)
Parameters
accountId System.String

AddCanonicalUserPrincipal(String)

Adds a canonical user ID principal to this policy document.

public virtual void AddCanonicalUserPrincipal(string canonicalUserId)
Parameters
canonicalUserId System.String

unique identifier assigned by AWS for every account.

AddCondition(String, Object)

Add a condition to the Policy.

public virtual void AddCondition(string key, object value)
Parameters
key System.String
value System.Object

AddConditions(IDictionary<String, Object>)

Add multiple conditions to the Policy.

public virtual void AddConditions(IDictionary<string, object> conditions)
Parameters
conditions System.Collections.Generic.IDictionary<System.String, System.Object>

AddFederatedPrincipal(Object, IDictionary<String, Object>)

Adds a federated identity provider such as Amazon Cognito to this policy statement.

public virtual void AddFederatedPrincipal(object federated, IDictionary<string, object> conditions)
Parameters
federated System.Object

federated identity provider (e.g. 'cognito-identity.amazonaws.com').

conditions System.Collections.Generic.IDictionary<System.String, System.Object>

The conditions under which the policy is in effect.

AddNotActions(String[])

Explicitly allow all actions except the specified list of actions, which goes in the "NotAction" section of the policy document.

public virtual void AddNotActions(params string[] notActions)
Parameters
notActions System.String[]

actions that will be denied.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html

AddNotPrincipals(IPrincipal[])

Specify principals that are not allowed or denied access in the "NotPrincipal" section of a policy statement.

public virtual void AddNotPrincipals(params IPrincipal[] notPrincipals)
Parameters
notPrincipals IPrincipal[]

IAM principals that will be denied access.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html

AddNotResources(String[])

Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement.

public virtual void AddNotResources(params string[] arns)
Parameters
arns System.String[]

Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to.

Remarks

All resources except the specified list will be matched.

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html

AddPrincipals(IPrincipal[])

Adds principals to the "Principal" section of a policy statement.

public virtual void AddPrincipals(params IPrincipal[] principals)
Parameters
principals IPrincipal[]

IAM principals that will be added.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html

AddResources(String[])

Specify resources that this policy statement applies to in the "Resource" section of this policy statement.

public virtual void AddResources(params string[] arns)
Parameters
arns System.String[]

Amazon Resource Names (ARNs) of the resources that this policy statement applies to.

Remarks

See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html

AddServicePrincipal(String, IServicePrincipalOpts)

Adds a service principal to this policy statement.

public virtual void AddServicePrincipal(string service, IServicePrincipalOpts opts = null)
Parameters
service System.String

the service name for which a service principal is requested (e.g. s3.amazonaws.com).

opts IServicePrincipalOpts

options for adding the service principal (such as specifying a principal in a different region).

FromJson(Object)

Creates a new PolicyStatement based on the object provided.

public static PolicyStatement FromJson(object obj)
Parameters
obj System.Object

the PolicyStatement in object form.

Returns

PolicyStatement

Remarks

This will accept an object created from the .toJSON() call

ToJSON()

JSON-ify the statement.

public virtual object ToJSON()
Returns

System.Object

Remarks

Used when JSON.stringify() is called

ToStatementJson()

JSON-ify the policy statement.

public virtual object ToStatementJson()
Returns

System.Object

Remarks

Used when JSON.stringify() is called

ToString()

String representation of this policy statement.

public override string ToString()
Returns

System.String

ValidateForAnyPolicy()

Validate that the policy statement satisfies base requirements for a policy.

public virtual string[] ValidateForAnyPolicy()
Returns

System.String[]

ValidateForIdentityPolicy()

Validate that the policy statement satisfies all requirements for an identity-based policy.

public virtual string[] ValidateForIdentityPolicy()
Returns

System.String[]

ValidateForResourcePolicy()

Validate that the policy statement satisfies all requirements for a resource-based policy.

public virtual string[] ValidateForResourcePolicy()
Returns

System.String[]
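
Example (added here; not part of the generated reference or the CDK project's own code): the same least-privilege grant built once as an identity-based statement and once as a resource-based statement, then passed through the Validate* methods listed above. The class name, helper names, bucket ARN and role ARN are constructed placeholders, and the example assumes the Amazon.CDK.AWS.IAM package with Node.js available for the jsii runtime.

```csharp
using System;
using System.Collections.Generic;
using Amazon.CDK.AWS.IAM;

public static class PolicyStatementValidationExample
{
    // Constructed placeholder ARNs (assumptions, not values from the reference).
    private const string BucketObjects = "arn:aws:s3:::example-bucket/*";
    private const string ReaderRole = "arn:aws:iam::123456789012:role/example-reader";

    private static PolicyStatement ReadOnlyStatement(string sid)
    {
        // Least privilege: one action, one resource pattern, TLS required.
        var stmt = new PolicyStatement();
        stmt.Sid = sid;
        stmt.Effect = Effect.ALLOW;
        stmt.AddActions("s3:GetObject");
        stmt.AddResources(BucketObjects);
        stmt.AddCondition("Bool",
            new Dictionary<string, object> { ["aws:SecureTransport"] = "true" });
        return stmt;
    }

    private static void Report(string label, string[] errors)
    {
        // Each validator returns an array of messages; empty means it passed.
        Console.WriteLine($"{label}: {errors.Length} error(s)");
        foreach (var e in errors) Console.WriteLine($"  - {e}");
    }

    public static void Main()
    {
        // Identity-based form: IAM identity policies carry no Principal element.
        var identity = ReadOnlyStatement("IdentityRead");
        Report("identity statement, identity check", identity.ValidateForIdentityPolicy());
        Report("identity statement, resource check", identity.ValidateForResourcePolicy());

        // Resource-based form: same grant, scoped to one named role.
        var resource = ReadOnlyStatement("ResourceRead");
        resource.AddArnPrincipal(ReaderRole);
        Console.WriteLine($"HasPrincipal: {resource.HasPrincipal}");
        Report("resource statement, resource check", resource.ValidateForResourcePolicy());
        Report("resource statement, identity check", resource.ValidateForIdentityPolicy());

        // A statement with a wildcard resource but no actions is incomplete.
        var empty = new PolicyStatement();
        empty.AddAllResources();
        Report("statement without actions", empty.ValidateForAnyPolicy());
    }
}
```

Running the validator that matches the policy type in a unit test catches a statement attached to the wrong kind of policy before the template is synthesized.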
