Class PolicyStatement
Represents a statement in an IAM policy document.
Inheritance
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class PolicyStatement : DeputyBaseSyntax (vb)
Public Class PolicyStatement
Inherits DeputyBaseRemarks
Stability: Stable
Synopsis
Constructors
| PolicyStatement(IPolicyStatementProps) | |
| PolicyStatement(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
| PolicyStatement(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
| Effect | Whether to allow or deny the actions in this statement. |
| HasPrincipal | Indicates if this permission has a "Principal" section. |
| HasResource | Indicates if this permission as at least one resource associated with it. |
| Sid | Statement ID for this statement. |
Methods
| AddAccountCondition(String) | Add a condition that limits to a given account. |
| AddAccountRootPrincipal() | Adds an AWS account root user principal to this policy statement. |
| AddActions(String[]) | Specify allowed actions into the "Action" section of the policy statement. |
| AddAllResources() | Adds a |
| AddAnyPrincipal() | Adds all identities in all accounts ("*") to this policy statement. |
| AddArnPrincipal(String) | Specify a principal using the ARN identifier of the principal. |
| AddAwsAccountPrincipal(String) | Specify AWS account ID as the principal entity to the "Principal" section of a policy statement. |
| AddCanonicalUserPrincipal(String) | Adds a canonical user ID principal to this policy document. |
| AddCondition(String, Object) | Add a condition to the Policy. |
| AddConditions(IDictionary<String, Object>) | Add multiple conditions to the Policy. |
| AddFederatedPrincipal(Object, IDictionary<String, Object>) | Adds a federated identity provider such as Amazon Cognito to this policy statement. |
| AddNotActions(String[]) | Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document. |
| AddNotPrincipals(IPrincipal[]) | Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement. |
| AddNotResources(String[]) | Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. |
| AddPrincipals(IPrincipal[]) | Adds principals to the "Principal" section of a policy statement. |
| AddResources(String[]) | Specify resources that this policy statement applies into the "Resource" section of this policy statement. |
| AddServicePrincipal(String, IServicePrincipalOpts) | Adds a service principal to this policy statement. |
| FromJson(Object) | Creates a new PolicyStatement based on the object provided. |
| ToJSON() | JSON-ify the statement. |
| ToStatementJson() | JSON-ify the policy statement. |
| ToString() | String representation of this policy statement. |
Constructors
PolicyStatement(IPolicyStatementProps)
public PolicyStatement(IPolicyStatementProps props = null)Parameters
- props IPolicyStatementProps
Remarks
Stability: Stable
PolicyStatement(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected PolicyStatement(ByRefValue reference)Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
PolicyStatement(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected PolicyStatement(DeputyBase.DeputyProps props)Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
Effect
Whether to allow or deny the actions in this statement.
public virtual Effect Effect { get; set; }Property Value
Remarks
Stability: Stable
HasPrincipal
Indicates if this permission has a "Principal" section.
public virtual bool HasPrincipal { get; }Property Value
System.Boolean
Remarks
Stability: Stable
HasResource
Indicates if this permission as at least one resource associated with it.
public virtual bool HasResource { get; }Property Value
System.Boolean
Remarks
Stability: Stable
Sid
Statement ID for this statement.
public virtual string Sid { get; set; }Property Value
System.String
Remarks
Stability: Stable
Methods
AddAccountCondition(String)
Add a condition that limits to a given account.
public virtual void AddAccountCondition(string accountId)Parameters
- accountId System.String
Remarks
Stability: Stable
AddAccountRootPrincipal()
Adds an AWS account root user principal to this policy statement.
public virtual void AddAccountRootPrincipal()Remarks
Stability: Stable
AddActions(String[])
Specify allowed actions into the "Action" section of the policy statement.
public virtual void AddActions(params string[] actions)Parameters
- actions System.String[]
actions that will be allowed.
Remarks
Stability: Stable
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html
AddAllResources()
Adds a "*" resource to this statement.
public virtual void AddAllResources()Remarks
Stability: Stable
AddAnyPrincipal()
Adds all identities in all accounts ("*") to this policy statement.
public virtual void AddAnyPrincipal()Remarks
Stability: Stable
AddArnPrincipal(String)
Specify a principal using the ARN identifier of the principal.
public virtual void AddArnPrincipal(string arn)Parameters
- arn System.String
ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name).
Remarks
You cannot specify IAM groups and instance profiles as principals.
Stability: Stable
AddAwsAccountPrincipal(String)
Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.
public virtual void AddAwsAccountPrincipal(string accountId)Parameters
- accountId System.String
Remarks
Stability: Stable
AddCanonicalUserPrincipal(String)
Adds a canonical user ID principal to this policy document.
public virtual void AddCanonicalUserPrincipal(string canonicalUserId)Parameters
- canonicalUserId System.String
unique identifier assigned by AWS for every account.
Remarks
Stability: Stable
AddCondition(String, Object)
Add a condition to the Policy.
public virtual void AddCondition(string key, object value)Parameters
- key System.String
- value System.Object
Remarks
Stability: Stable
AddConditions(IDictionary<String, Object>)
Add multiple conditions to the Policy.
public virtual void AddConditions(IDictionary<string, object> conditions)Parameters
- conditions System.Collections.Generic.IDictionary<System.String, System.Object>
Remarks
Stability: Stable
AddFederatedPrincipal(Object, IDictionary<String, Object>)
Adds a federated identity provider such as Amazon Cognito to this policy statement.
public virtual void AddFederatedPrincipal(object federated, IDictionary<string, object> conditions)Parameters
- federated System.Object
federated identity provider (i.e. 'cognito-identity.amazonaws.com').
- conditions System.Collections.Generic.IDictionary<System.String, System.Object>
The conditions under which the policy is in effect.
Remarks
Stability: Stable
AddNotActions(String[])
Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document.
public virtual void AddNotActions(params string[] notActions)Parameters
- notActions System.String[]
actions that will be denied.
Remarks
Stability: Stable
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html
AddNotPrincipals(IPrincipal[])
Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement.
public virtual void AddNotPrincipals(params IPrincipal[] notPrincipals)Parameters
- notPrincipals IPrincipal[]
IAM principals that will be denied access.
Remarks
AddNotResources(String[])
Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement.
public virtual void AddNotResources(params string[] arns)Parameters
- arns System.String[]
Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to.
Remarks
All resources except the specified list will be matched.
Stability: Stable
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html
AddPrincipals(IPrincipal[])
Adds principals to the "Principal" section of a policy statement.
public virtual void AddPrincipals(params IPrincipal[] principals)Parameters
- principals IPrincipal[]
IAM principals that will be added.
Remarks
Stability: Stable
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
AddResources(String[])
Specify resources that this policy statement applies into the "Resource" section of this policy statement.
public virtual void AddResources(params string[] arns)Parameters
- arns System.String[]
Amazon Resource Names (ARNs) of the resources that this policy statement applies to.
Remarks
Stability: Stable
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
AddServicePrincipal(String, IServicePrincipalOpts)
Adds a service principal to this policy statement.
public virtual void AddServicePrincipal(string service, IServicePrincipalOpts opts = null)Parameters
- service System.String
the service name for which a service principal is requested (e.g:
s3.amazonaws.com).- opts IServicePrincipalOpts
options for adding the service principal (such as specifying a principal in a different region).
Remarks
Stability: Stable
FromJson(Object)
Creates a new PolicyStatement based on the object provided.
public static PolicyStatement FromJson(object obj)Parameters
- obj System.Object
the PolicyStatement in object form.
Returns
Remarks
This will accept an object created from the .toJSON() call
Stability: Stable
ToJSON()
JSON-ify the statement.
public virtual object ToJSON()Returns
System.Object
Remarks
Used when JSON.stringify() is called
Stability: Stable
ToStatementJson()
JSON-ify the policy statement.
public virtual object ToStatementJson()Returns
System.Object
Remarks
Used when JSON.stringify() is called
Stability: Stable
ToString()
String representation of this policy statement.
public override string ToString()Returns
System.String
Remarks
Stability: Stable