PolicyDocument

class aws_cdk.aws_iam.PolicyDocument(*, assign_sids=None, statements=None)

Bases: object

A PolicyDocument is a collection of statements.

Parameters
  • assign_sids (Optional[bool]) – Automatically assign Statement Ids to all statements. Default: false

  • statements (Optional[List[PolicyStatement]]) – Initial statements to add to the policy document. Default: - No statements

Methods

add_statements(*statement)

Adds a statement to the policy document.

Parameters

statement (PolicyStatement) – the statement to add.

Return type

None

resolve(context)

Produce the Token’s value at resolution time.

Parameters

context (IResolveContext) –

Return type

Any

to_json()

JSON-ify the document.

Used when JSON.stringify() is called

Return type

Any

to_string()

Encode the policy document as a string.

Return type

str

validate_for_any_policy()

Validate that all policy statements in the policy document satisfies the requirements for any policy.

See

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

Return type

List[str]

validate_for_identity_policy()

Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.

See

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

Return type

List[str]

validate_for_resource_policy()

Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.

See

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json

Return type

List[str]

Attributes

creation_stack

The creation stack of this resolvable which will be appended to errors thrown during resolution.

This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.

Return type

List[str]

is_empty

Whether the policy document contains any statements.

Return type

bool

statement_count

The number of statements already added to this policy.

Can be used, for example, to generate unique “sid”s within the policy.

Return type

Union[int, float]

Static Methods

classmethod from_json(obj)

Creates a new PolicyDocument based on the object provided.

This will accept an object created from the .toJSON() call

Parameters

obj (Any) – the PolicyDocument in object form.

Return type

PolicyDocument