ManagedPolicy

class aws_cdk.aws_iam.ManagedPolicy(scope, id, *, description=None, groups=None, managed_policy_name=None, path=None, roles=None, statements=None, users=None)

Bases: aws_cdk.core.Resource

Managed policy.

__init__(scope, id, *, description=None, groups=None, managed_policy_name=None, path=None, roles=None, statements=None, users=None)
Parameters
  • scope (Construct) –

  • id (str) –

  • props

  • description (Optional[str]) – A description of the managed policy. Typically used to store information about the permissions defined in the policy. For example, “Grants access to production DynamoDB tables.” The policy description is immutable. After a value is assigned, it cannot be changed. Default: - empty

  • groups (Optional[List[IGroup]]) – Groups to attach this policy to. You can also use attach_to_group(group) to attach this policy to a group. Default: - No groups.

  • managed_policy_name (Optional[str]) – The name of the managed policy. If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name. Default: - A name is automatically generated.

  • path (Optional[str]) – The path for the policy. This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and uppercase and lowercase letters. For more information about paths, see IAM Identifiers in the IAM User Guide. Default: - “/”

  • roles (Optional[List[IRole]]) – Roles to attach this policy to. You can also use attach_to_role(role) to attach this policy to a role. Default: - No roles.

  • statements (Optional[List[PolicyStatement]]) – Initial set of permissions to add to this policy document. You can also use add_statements(statement) to add permissions later. Default: - No statements.

  • users (Optional[List[IUser]]) – Users to attach this policy to. You can also use attach_to_user(user) to attach this policy to a user. Default: - No users.

Return type

None

Methods

add_statements(*statement)

Adds a statement to the policy document.

Parameters

statement (PolicyStatement) –

Return type

None

attach_to_group(group)

Attaches this policy to a group.

Parameters

group (IGroup) –

Return type

None

attach_to_role(role)

Attaches this policy to a role.

Parameters

role (IRole) –

Return type

None

attach_to_user(user)

Attaches this policy to a user.

Parameters

user (IUser) –

Return type

None

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

description

The description of this policy.

attribute: true

Return type

str

document

The policy document.

Return type

PolicyDocument

managed_policy_arn

Returns the ARN of this managed policy.

attribute: true

Return type

str

managed_policy_name

The name of this policy.

attribute: true

Return type

str

node

Construct tree node which offers APIs for interacting with the construct tree.

Return type

ConstructNode

path

The path of this policy.

attribute: true

Return type

str

stack

The stack in which this resource is defined.

Return type

Stack

Static Methods

classmethod from_aws_managed_policy_name(managed_policy_name)

Construct a managed policy from one of the policies that AWS manages.

For this managed policy, you only need to know the name to be able to use it.

Some managed policy names start with “service-role/”, some start with “job-function/”, and some don’t start with anything. Do include the prefix when constructing this object.

Parameters

managed_policy_name (str) –

Return type

IManagedPolicy
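
The path rule from the constructor's path parameter and the prefix rule above both decide what ends up in the policy ARN, which is what IAM conditions and reviews match on. The following is an added example, not code from the CDK: all function names are hypothetical, the account ID is constructed, the "aws" partition is assumed, and the 512-character path limit and the policy-name character set are IAM limits that this page does not state.

```python
import re

# Path rule quoted in the `path` parameter: "/" alone, or a string that starts
# and ends with "/" using only ASCII "!" (0x21) through DEL (0x7F).
_PATH_RE = re.compile(r"/(?:[\x21-\x7f]+/)?")
# IAM policy-name character set and length limit (from IAM, not from this page).
_NAME_RE = re.compile(r"[\w+=,.@-]{1,128}", re.ASCII)


def validate_policy_path(path: str) -> str:
    """Return path unchanged if it is a legal IAM policy path, else raise."""
    if not 1 <= len(path) <= 512 or not _PATH_RE.fullmatch(path):
        raise ValueError(f"illegal IAM policy path: {path!r}")
    return path


def customer_policy_arn(account_id: str, name: str, path: str = "/") -> str:
    """ARN of a customer managed policy; the path sits between 'policy' and the name."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account id must be 12 digits")
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"illegal managed policy name: {name!r}")
    return f"arn:aws:iam::{account_id}:policy{validate_policy_path(path)}{name}"


def aws_managed_policy_arn(name_with_prefix: str) -> str:
    """ARN of an AWS managed policy; 'service-role/' or 'job-function/' is part of it."""
    prefix, _, name = name_with_prefix.rpartition("/")
    validate_policy_path(f"/{prefix}/" if prefix else "/")
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"illegal managed policy name: {name!r}")
    # Partition "aws" is assumed here; other partitions use a different value.
    return f"arn:aws:iam::aws:policy/{name_with_prefix}"


def arn_in_scope(arn: str, account_id: str, scope_path: str) -> bool:
    """True if arn is a customer managed policy under scope_path (e.g. '/team-a/')."""
    scope = validate_policy_path(scope_path)
    # The trailing slash in scope keeps '/team-a/' from matching '/team-ab/'.
    return arn.startswith(f"arn:aws:iam::{account_id}:policy{scope}")
```

Dropping the "service-role/" prefix produces an ARN that does not name the intended policy, and a path-scoped check only separates teams because every legal path ends in a slash.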

classmethod from_managed_policy_name(scope, id, managed_policy_name)

Construct a customer managed policy from its managed_policy_name.

For this managed policy, you only need to know the name to be able to use it.

Parameters
  • scope (Construct) –

  • id (str) –

  • managed_policy_name (str) –

Return type

IManagedPolicy

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool