PolicyStatementProps

class aws_cdk.aws_iam.PolicyStatementProps(*, actions=None, conditions=None, effect=None, not_actions=None, not_principals=None, not_resources=None, principals=None, resources=None, sid=None)

Bases: object

__init__(*, actions=None, conditions=None, effect=None, not_actions=None, not_principals=None, not_resources=None, principals=None, resources=None, sid=None)

Interface for creating a policy statement.

Parameters
  • actions (Optional[List[str]]) – List of actions to add to the statement. Default: - no actions

  • conditions (Optional[Mapping[str, Any]]) – Conditions to add to the statement. Default: - no condition

  • effect (Optional[Effect]) – Whether to allow or deny the actions in this statement. Default: Effect.ALLOW

  • not_actions (Optional[List[str]]) – List of not actions to add to the statement. Default: - no not-actions

  • not_principals (Optional[List[IPrincipal]]) – List of not principals to add to the statement. Default: - no not principals

  • not_resources (Optional[List[str]]) – NotResource ARNs to add to the statement. Default: - no not-resources

  • principals (Optional[List[IPrincipal]]) – List of principals to add to the statement. Default: - no principals

  • resources (Optional[List[str]]) – Resource ARNs to add to the statement. Default: - no resources

  • sid (Optional[str]) – The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document’s ID. In IAM, the Sid value must be unique within a JSON policy. Default: - no sid

Return type

None

Attributes

actions

List of actions to add to the statement.

default :default: - no actions

Return type

Optional[List[str]]

conditions

Conditions to add to the statement.

default :default: - no condition

Return type

Optional[Mapping[str, Any]]

effect

Whether to allow or deny the actions in this statement.

default :default: Effect.ALLOW

Return type

Optional[Effect]

not_actions

List of not actions to add to the statement.

default :default: - no not-actions

Return type

Optional[List[str]]

not_principals

List of not principals to add to the statement.

default :default: - no not principals

Return type

Optional[List[IPrincipal]]

not_resources

NotResource ARNs to add to the statement.

default :default: - no not-resources

Return type

Optional[List[str]]

principals

List of principals to add to the statement.

default :default: - no principals

Return type

Optional[List[IPrincipal]]

resources

Resource ARNs to add to the statement.

default :default: - no resources

Return type

Optional[List[str]]

sid

The Sid (statement ID) is an optional identifier that you provide for the policy statement.

You can assign a Sid value to each statement in a statement array. In services that let you specify an ID element, such as SQS and SNS, the Sid value is just a sub-ID of the policy document’s ID. In IAM, the Sid value must be unique within a JSON policy.

default :default: - no sid

Return type

Optional[str]