AwsCustomResourcePolicy¶
-
class
aws_cdk.custom_resources.
AwsCustomResourcePolicy
(*args, **kwargs)¶ Bases:
object
The IAM Policy that will be applied to the different calls.
Attributes
-
ANY_RESOURCE
= ['*']¶
-
resources
¶ resources for auto-generated from SDK calls.
- Return type
Optional
[List
[str
]]
-
statements
¶ statements for explicit policy.
- Return type
List
[PolicyStatement
]
Static Methods
-
classmethod
from_sdk_calls
(*, resources)¶ Generate IAM Policy Statements from the configured SDK calls.
Each SDK call with be translated to an IAM Policy Statement in the form of:
call.service:call.action
(e.gs3:PutObject
).- Parameters
resources (
List
[str
]) – The resources that the calls will have access to. It is best to use specific resource ARN’s when possible. However, you can also useAwsCustomResourcePolicy.ANY_RESOURCE
to allow access to all resources. For example, whenonCreate
is used to create a resource which you don’t know the physical name of in advance. Note that will apply to ALL SDK calls.- Return type
-
classmethod
from_statements
(statements)¶ Explicit IAM Policy Statements.
- Parameters
statements (
List
[PolicyStatement
]) – the statements to propagate to the SDK calls.- Return type
-