PolicyStatement

class aws_cdk.aws_iam.PolicyStatement(*, actions=None, conditions=None, effect=None, not_actions=None, not_principals=None, not_resources=None, principals=None, resources=None)

Bases: object

Represents a statement in an IAM policy document.

__init__(*, actions=None, conditions=None, effect=None, not_actions=None, not_principals=None, not_resources=None, principals=None, resources=None)
Parameters
  • actions (Optional[List[str]]) – List of actions to add to the statement. Default: - no actions

  • conditions (Optional[Mapping[str, Any]]) – Conditions to add to the statement. Default: - no condition

  • effect (Optional[Effect]) – Whether to allow or deny the actions in this statement. Default: - allow

  • not_actions (Optional[List[str]]) – List of not actions to add to the statement. Default: - no not-actions

  • not_principals (Optional[List[IPrincipal]]) – List of not principals to add to the statement. Default: - no not principals

  • not_resources (Optional[List[str]]) – NotResource ARNs to add to the statement. Default: - no not-resources

  • principals (Optional[List[IPrincipal]]) – List of principals to add to the statement. Default: - no principals

  • resources (Optional[List[str]]) – Resource ARNs to add to the statement. Default: - no resources

Return type

None

Methods

add_account_condition(account_id)

Add a condition that limits to a given account.

Parameters

account_id (str) –

Return type

None

add_account_root_principal()
Return type

None

add_actions(*actions)
Parameters

actions (str) –

Return type

None

add_all_resources()

Adds a "*" resource to this statement.

Return type

None

add_any_principal()
Return type

None

add_arn_principal(arn)
Parameters

arn (str) –

Return type

None

add_aws_account_principal(account_id)
Parameters

account_id (str) –

Return type

None

add_canonical_user_principal(canonical_user_id)
Parameters

canonical_user_id (str) –

Return type

None

add_condition(key, value)

Add a condition to the Policy.

Parameters
  • key (str) –

  • value (Any) –

Return type

None

add_conditions(conditions)

Add multiple conditions to the Policy.

Parameters

conditions (Mapping[str, Any]) –

Return type

None

add_federated_principal(federated, conditions)
Parameters
  • federated (Any) –

  • conditions (Mapping[str, Any]) –

Return type

None

add_not_actions(*not_actions)
Parameters

not_actions (str) –

Return type

None

add_not_principals(*not_principals)
Parameters

not_principals (IPrincipal) –

Return type

None

add_not_resources(*arns)
Parameters

arns (str) –

Return type

None

add_principals(*principals)
Parameters

principals (IPrincipal) –

Return type

None

add_resources(*arns)
Parameters

arns (str) –

Return type

None

add_service_principal(service, *, conditions=None, region=None)

Adds a service principal to this policy statement.

Parameters
  • service (str) – the service name for which a service principal is requested (e.g. s3.amazonaws.com).

  • conditions (Optional[Mapping[str, Any]]) – Additional conditions to add to the Service Principal. Default: - No conditions

  • region (Optional[str]) – The region in which the service is operating. Default: the current Stack’s region.

Return type

None

to_json()

JSON-ify the statement.

Used when JSON.stringify() is called

Return type

Any

to_statement_json()
Return type

Any

to_string()
Return type

str

Attributes

effect
Return type

Effect

has_principal

Indicates if this permission has a “Principal” section.

Return type

bool

has_resource

Indicates if this permission has at least one resource associated with it.

Return type

bool

sid

Statement ID for this statement.

Return type

Optional[str]
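
The parameters above map onto the elements of an IAM statement (Effect, Action/NotAction, Principal/NotPrincipal, Resource/NotResource, Condition), and some combinations reachable through this class, such as add_any_principal() with no condition or add_all_resources() with a wildcard action, grant far more than intended. The following is an added example, not part of the CDK or of this reference: a pure-Python audit over statement dicts assumed to have the IAM JSON shape that to_statement_json() renders. The function names, finding codes and sample statements are hypothetical and constructed for illustration.

```python
# Added example: audits IAM statement dicts; names and finding codes are hypothetical.
def _as_list(value):
    """IAM JSON allows a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"}-style entries."""
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_statement(stmt):
    """Return sorted finding codes for one Allow statement (Deny is skipped)."""
    if stmt.get("Effect", "Allow") != "Allow":  # assumption: missing Effect means allow
        return []
    findings = set()
    # Allow combined with a Not* element grants everything outside the listed set.
    for key in ("NotAction", "NotResource", "NotPrincipal"):
        if key in stmt:
            findings.add("ALLOW_" + key.upper())
    if _wildcard_principal(stmt.get("Principal")) and not stmt.get("Condition"):
        findings.add("ANY_PRINCIPAL_NO_CONDITION")
    actions = _as_list(stmt.get("Action"))
    broad = any(a == "*" or a.endswith(":*") for a in actions)
    if broad and "*" in _as_list(stmt.get("Resource")):
        findings.add("WILDCARD_ACTION_ON_ALL_RESOURCES")
    return sorted(findings)

# Constructed sample statements (not taken from any real account).
SAMPLES = [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*", "Principal": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["*"],
     "Principal": {"AWS": "*"},
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
]

if __name__ == "__main__":
    for i, s in enumerate(SAMPLES):
        print(i, audit_statement(s))
```

A check like this can run in a unit test over synthesized templates so that broad statements are caught before deployment.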