AwsCustomResourcePolicy

class aws_cdk.custom_resources.AwsCustomResourcePolicy(*args, **kwargs)

Bases: object

The IAM Policy that will be applied to the different calls.

Attributes

ANY_RESOURCE = ['*']

resources

resources for auto-generated from SDK calls.

Return type

Optional[List[str]]

statements

statements for explicit policy.

Return type

List[PolicyStatement]

Static Methods

classmethod from_sdk_calls(*, resources)

Generate IAM Policy Statements from the configured SDK calls.

Each SDK call with be translated to an IAM Policy Statement in the form of: call.service:call.action (e.g s3:PutObject).

Parameters

resources (List[str]) – The resources that the calls will have access to. It is best to use specific resource ARN’s when possible. However, you can also use AwsCustomResourcePolicy.ANY_RESOURCE to allow access to all resources. For example, when onCreate is used to create a resource which you don’t know the physical name of in advance. Note that will apply to ALL SDK calls.

Return type

AwsCustomResourcePolicy

classmethod from_statements(statements)

Explicit IAM Policy Statements.

Parameters

statements (List[PolicyStatement]) – the statements to propagate to the SDK calls.

Return type

AwsCustomResourcePolicy