PermissionsBoundary

class aws_cdk.aws_iam.PermissionsBoundary(*args: Any, **kwargs)

Bases: object

Modify the Permissions Boundaries of Users and Roles in a construct tree.

Example:

policy = iam.ManagedPolicy.from_aws_managed_policy_name("ReadOnlyAccess")
iam.PermissionsBoundary.of(self).apply(policy)

Example:

# project is of type Project

iam.PermissionsBoundary.of(project).apply(codebuild.UntrustedCodeBoundaryPolicy(self, "Boundary"))

Methods

apply(boundary_policy)

Apply the given policy as Permissions Boundary to all Roles and Users in the scope.

Will override any Permissions Boundaries configured previously; in case a Permission Boundary is applied in multiple scopes, the Boundary applied closest to the Role wins.

Parameters

boundary_policy (IManagedPolicy) –

Return type

None

clear()

Remove previously applied Permissions Boundaries.

Return type

None

Static Methods

classmethod of(scope)

Access the Permissions Boundaries of a construct tree.

Parameters

scope (IConstruct) –

Return type

PermissionsBoundary