Class PolicyStatement
Represents a statement in an IAM policy document.
Inheritance
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class PolicyStatement : DeputyBase
Syntax (vb)
Public Class PolicyStatement
Inherits DeputyBase
Synopsis
Constructors
PolicyStatement(IPolicyStatementProps) | |
PolicyStatement(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
PolicyStatement(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
Effect | Whether to allow or deny the actions in this statement. |
HasPrincipal | Indicates if this permission has a "Principal" section. |
HasResource | Indicates if this permission as at least one resource associated with it. |
Sid | Statement ID for this statement. |
Methods
AddAccountCondition(String) | Add a condition that limits to a given account. |
AddAccountRootPrincipal() | Adds an AWS account root user principal to this policy statement. |
AddActions(String[]) | Specify allowed actions into the "Action" section of the policy statement. |
AddAllResources() | Adds a |
AddAnyPrincipal() | Adds all identities in all accounts ("*") to this policy statement. |
AddArnPrincipal(String) | Specify a principal using the ARN identifier of the principal. |
AddAwsAccountPrincipal(String) | Specify AWS account ID as the principal entity to the "Principal" section of a policy statement. |
AddCanonicalUserPrincipal(String) | Adds a canonical user ID principal to this policy document. |
AddCondition(String, Object) | Add a condition to the Policy. |
AddConditions(IDictionary<String, Object>) | Add multiple conditions to the Policy. |
AddFederatedPrincipal(Object, IDictionary<String, Object>) | Adds a federated identity provider such as Amazon Cognito to this policy statement. |
AddNotActions(String[]) | Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document. |
AddNotPrincipals(IPrincipal[]) | Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement. |
AddNotResources(String[]) | Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement. |
AddPrincipals(IPrincipal[]) | Adds principals to the "Principal" section of a policy statement. |
AddResources(String[]) | Specify resources that this policy statement applies into the "Resource" section of this policy statement. |
AddServicePrincipal(String, IServicePrincipalOpts) | Adds a service principal to this policy statement. |
FromJson(Object) | Creates a new PolicyStatement based on the object provided. |
ToJSON() | JSON-ify the statement. |
ToStatementJson() | JSON-ify the policy statement. |
ToString() | String representation of this policy statement. |
ValidateForAnyPolicy() | Validate that the policy statement satisfies base requirements for a policy. |
ValidateForIdentityPolicy() | Validate that the policy statement satisfies all requirements for an identity-based policy. |
ValidateForResourcePolicy() | Validate that the policy statement satisfies all requirements for a resource-based policy. |
Constructors
PolicyStatement(IPolicyStatementProps)
PolicyStatement(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected PolicyStatement(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
PolicyStatement(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected PolicyStatement(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
Effect
Whether to allow or deny the actions in this statement.
public virtual Effect Effect { get; set; }
Property Value
HasPrincipal
Indicates if this permission has a "Principal" section.
public virtual bool HasPrincipal { get; }
Property Value
System.Boolean
HasResource
Indicates if this permission as at least one resource associated with it.
public virtual bool HasResource { get; }
Property Value
System.Boolean
Sid
Statement ID for this statement.
public virtual string Sid { get; set; }
Property Value
System.String
Methods
AddAccountCondition(String)
Add a condition that limits to a given account.
public virtual void AddAccountCondition(string accountId)
Parameters
- accountId System.String
AddAccountRootPrincipal()
Adds an AWS account root user principal to this policy statement.
public virtual void AddAccountRootPrincipal()
AddActions(String[])
Specify allowed actions into the "Action" section of the policy statement.
public virtual void AddActions(params string[] actions)
Parameters
- actions System.String[]
actions that will be allowed.
Remarks
AddAllResources()
Adds a "*"
resource to this statement.
public virtual void AddAllResources()
AddAnyPrincipal()
Adds all identities in all accounts ("*") to this policy statement.
public virtual void AddAnyPrincipal()
AddArnPrincipal(String)
Specify a principal using the ARN identifier of the principal.
public virtual void AddArnPrincipal(string arn)
Parameters
- arn System.String
ARN identifier of AWS account, IAM user, or IAM role (i.e. arn:aws:iam::123456789012:user/user-name).
Remarks
You cannot specify IAM groups and instance profiles as principals.
AddAwsAccountPrincipal(String)
Specify AWS account ID as the principal entity to the "Principal" section of a policy statement.
public virtual void AddAwsAccountPrincipal(string accountId)
Parameters
- accountId System.String
AddCanonicalUserPrincipal(String)
Adds a canonical user ID principal to this policy document.
public virtual void AddCanonicalUserPrincipal(string canonicalUserId)
Parameters
- canonicalUserId System.String
unique identifier assigned by AWS for every account.
AddCondition(String, Object)
Add a condition to the Policy.
public virtual void AddCondition(string key, object value)
Parameters
- key System.String
- value System.Object
AddConditions(IDictionary<String, Object>)
Add multiple conditions to the Policy.
public virtual void AddConditions(IDictionary<string, object> conditions)
Parameters
- conditions System.Collections.Generic.IDictionary<System.String, System.Object>
AddFederatedPrincipal(Object, IDictionary<String, Object>)
Adds a federated identity provider such as Amazon Cognito to this policy statement.
public virtual void AddFederatedPrincipal(object federated, IDictionary<string, object> conditions)
Parameters
- federated System.Object
federated identity provider (i.e. 'cognito-identity.amazonaws.com').
- conditions System.Collections.Generic.IDictionary<System.String, System.Object>
The conditions under which the policy is in effect.
AddNotActions(String[])
Explicitly allow all actions except the specified list of actions into the "NotAction" section of the policy document.
public virtual void AddNotActions(params string[] notActions)
Parameters
- notActions System.String[]
actions that will be denied.
Remarks
AddNotPrincipals(IPrincipal[])
Specify principals that is not allowed or denied access to the "NotPrincipal" section of a policy statement.
public virtual void AddNotPrincipals(params IPrincipal[] notPrincipals)
Parameters
- notPrincipals IPrincipal[]
IAM principals that will be denied access.
Remarks
AddNotResources(String[])
Specify resources that this policy statement will not apply to in the "NotResource" section of this policy statement.
public virtual void AddNotResources(params string[] arns)
Parameters
- arns System.String[]
Amazon Resource Names (ARNs) of the resources that this policy statement does not apply to.
Remarks
All resources except the specified list will be matched.
See: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html
AddPrincipals(IPrincipal[])
Adds principals to the "Principal" section of a policy statement.
public virtual void AddPrincipals(params IPrincipal[] principals)
Parameters
- principals IPrincipal[]
IAM principals that will be added.
Remarks
AddResources(String[])
Specify resources that this policy statement applies into the "Resource" section of this policy statement.
public virtual void AddResources(params string[] arns)
Parameters
- arns System.String[]
Amazon Resource Names (ARNs) of the resources that this policy statement applies to.
Remarks
AddServicePrincipal(String, IServicePrincipalOpts)
Adds a service principal to this policy statement.
public virtual void AddServicePrincipal(string service, IServicePrincipalOpts opts = null)
Parameters
- service System.String
the service name for which a service principal is requested (e.g:
s3.amazonaws.com
).- opts IServicePrincipalOpts
options for adding the service principal (such as specifying a principal in a different region).
FromJson(Object)
Creates a new PolicyStatement based on the object provided.
public static PolicyStatement FromJson(object obj)
Parameters
- obj System.Object
the PolicyStatement in object form.
Returns
Remarks
This will accept an object created from the .toJSON()
call
ToJSON()
JSON-ify the statement.
public virtual object ToJSON()
Returns
System.Object
Remarks
Used when JSON.stringify() is called
ToStatementJson()
JSON-ify the policy statement.
public virtual object ToStatementJson()
Returns
System.Object
Remarks
Used when JSON.stringify() is called
ToString()
String representation of this policy statement.
public override string ToString()
Returns
System.String
ValidateForAnyPolicy()
Validate that the policy statement satisfies base requirements for a policy.
public virtual string[] ValidateForAnyPolicy()
Returns
System.String[]
ValidateForIdentityPolicy()
Validate that the policy statement satisfies all requirements for an identity-based policy.
public virtual string[] ValidateForIdentityPolicy()
Returns
System.String[]
ValidateForResourcePolicy()
Validate that the policy statement satisfies all requirements for a resource-based policy.
public virtual string[] ValidateForResourcePolicy()
Returns
System.String[]