PolicyProps

class aws_cdk.aws_iam.PolicyProps(*, document=None, force=None, groups=None, policy_name=None, roles=None, statements=None, users=None)

Bases: object

Properties for defining an IAM inline policy document.
Parameters

- document (Optional[PolicyDocument]) – Initial PolicyDocument to use for this Policy. If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument. Default: - An empty policy.
- force (Optional[bool]) – Force creation of an AWS::IAM::Policy. Unless set to true, this Policy construct will not materialize to an AWS::IAM::Policy CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid–and hence undeployable–CloudFormation templates. In cases where you know the policy must be created and it is actually an error if no statements have been added to it, you can set this to true. Default: false
- groups (Optional[List[IGroup]]) – Groups to attach this policy to. You can also use attachToGroup(group) to attach this policy to a group. Default: - No groups.
- policy_name (Optional[str]) – The name of the policy. If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name. Default: - Uses the logical ID of the policy resource, which is ensured to be unique within the stack.
- roles (Optional[List[IRole]]) – Roles to attach this policy to. You can also use attachToRole(role) to attach this policy to a role. Default: - No roles.
- statements (Optional[List[PolicyStatement]]) – Initial set of permissions to add to this policy document. You can also use addStatements(...statement) to add permissions later. Default: - No statements.
- users (Optional[List[IUser]]) – Users to attach this policy to. You can also use attachToUser(user) to attach this policy to a user. Default: - No users.
Attributes

- document

  Initial PolicyDocument to use for this Policy.

  If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.

  - Default: An empty policy.
  - Return type: Optional[PolicyDocument]
- force

  Force creation of an AWS::IAM::Policy.

  Unless set to true, this Policy construct will not materialize to an AWS::IAM::Policy CloudFormation resource in case it would have no effect (for example, if it remains unattached to an IAM identity or if it has no statements). This is generally desired behavior, since it prevents creating invalid–and hence undeployable–CloudFormation templates.

  In cases where you know the policy must be created and it is actually an error if no statements have been added to it, you can set this to true.

  - Default: false
  - Return type: Optional[bool]
- groups

  Groups to attach this policy to.

  You can also use attachToGroup(group) to attach this policy to a group.

  - Default: No groups.
  - Return type: Optional[List[IGroup]]
- policy_name

  The name of the policy.

  If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.

  - Default: Uses the logical ID of the policy resource, which is ensured to be unique within the stack.
  - Return type: Optional[str]
- roles

  Roles to attach this policy to.

  You can also use attachToRole(role) to attach this policy to a role.

  - Default: No roles.
  - Return type: Optional[List[IRole]]
- statements

  Initial set of permissions to add to this policy document.

  You can also use addStatements(...statement) to add permissions later.

  - Default: No statements.
  - Return type: Optional[List[PolicyStatement]]
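
The conditions named under force (no statements, no attached identity) and the policy_name uniqueness rule can be checked on a synthesized CloudFormation template before deployment. The following is an added example, not code from the CDK project: the function name lint_inline_policies, the finding labels and the sample template are constructed for illustration, and it assumes the standard AWS::IAM::Policy properties PolicyName, PolicyDocument, Groups, Roles and Users.

```python
import json
from collections import defaultdict

# Constructed sample of a synthesized template; all logical IDs are made up.
DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:GetLogEvents", "Resource": "*"}]}
SAMPLE_TEMPLATE = {"Resources": {
    "ReadLogs": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyName": "ReadLogs", "PolicyDocument": DOC,
        "Roles": [{"Ref": "AppRole"}]}},
    "Orphan": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyName": "Orphan", "PolicyDocument": DOC}},
    "Empty": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyName": "ReadLogs",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": []},
        "Roles": [{"Ref": "AppRole"}]}},
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {}},
}}

def _key(value):
    # Names and references may be plain strings or intrinsics such as {"Ref": ...}.
    return json.dumps(value, sort_keys=True)

def lint_inline_policies(template):
    """Return sorted (logical_ids, finding) pairs for AWS::IAM::Policy resources."""
    findings, seen = [], defaultdict(list)
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::IAM::Policy":
            continue
        props = res.get("Properties", {})
        statements = props.get("PolicyDocument", {}).get("Statement") or []
        targets = [(kind, _key(ref)) for kind in ("Groups", "Roles", "Users")
                   for ref in props.get(kind) or []]
        if not statements:
            findings.append((logical_id, "no-statements"))
        if not targets:
            findings.append((logical_id, "unattached"))
        for target in targets:
            seen[(target, _key(props.get("PolicyName")))].append(logical_id)
    for ids in seen.values():
        if len(ids) > 1:  # same policy name used twice on one identity
            findings.append((",".join(ids), "duplicate-name"))
    return sorted(findings)

if __name__ == "__main__":
    for ids, finding in lint_inline_policies(SAMPLE_TEMPLATE):
        print(f"{finding}: {ids}")
```

Run it against the JSON templates that synthesis writes out; a finding on a policy that was expected to grant permissions usually means an attachment or statement was lost in code.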