Interface IManagedPolicyProps
Properties for defining an IAM managed policy.
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public interface IManagedPolicyProps
Syntax (vb)
Public Interface IManagedPolicyProps
Examples
// Runs inside a Construct or Stack, where `this` is the scope.
// Requires: using System.Collections.Generic; using Amazon.CDK.AWS.IAM;
IDictionary<string, object> policyDocument = new Dictionary<string, object> {
    { "Version", "2012-10-17" },
    { "Statement", new [] { new Dictionary<string, object> {
        { "Sid", "FirstStatement" },
        { "Effect", "Allow" },
        { "Action", new [] { "iam:ChangePassword" } },
        { "Resource", "*" }
    // Every element must be Dictionary<string, object> so the implicitly typed array compiles.
    }, new Dictionary<string, object> {
        { "Sid", "SecondStatement" },
        { "Effect", "Allow" },
        { "Action", "s3:ListAllMyBuckets" },
        { "Resource", "*" }
    }, new Dictionary<string, object> {
        { "Sid", "ThirdStatement" },
        { "Effect", "Allow" },
        { "Action", new [] { "s3:List*", "s3:Get*" } },
        { "Resource", new [] { "arn:aws:s3:::confidential-data", "arn:aws:s3:::confidential-data/*" } },
        // Reads of confidential-data are allowed only when the caller authenticated with MFA.
        { "Condition", new Dictionary<string, IDictionary<string, string>> { { "Bool", new Dictionary<string, string> { { "aws:MultiFactorAuthPresent", "true" } } } } }
    } } }
};

var customPolicyDocument = PolicyDocument.FromJson(policyDocument);

// You can pass this document as an initial document to a ManagedPolicy
// or inline Policy.
var newManagedPolicy = new ManagedPolicy(this, "MyNewManagedPolicy", new ManagedPolicyProps {
    Document = customPolicyDocument
});
var newPolicy = new Policy(this, "MyNewPolicy", new PolicyProps {
    Document = customPolicyDocument
});
Synopsis
Properties
Description | A description of the managed policy. |
Document | Initial PolicyDocument to use for this ManagedPolicy. |
Groups | Groups to attach this policy to. |
ManagedPolicyName | The name of the managed policy. |
Path | The path for the policy. |
Roles | Roles to attach this policy to. |
Statements | Initial set of permissions to add to this policy document. |
Users | Users to attach this policy to. |
Properties
Description
A description of the managed policy.
virtual string Description { get; }
Property Value
System.String
Remarks
Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables." The policy description is immutable. After a value is assigned, it cannot be changed.
Default: - empty
Document
Initial PolicyDocument to use for this ManagedPolicy.
virtual PolicyDocument Document { get; }
Property Value
PolicyDocument
Remarks
If omitted, any PolicyStatement provided in the statements property will be applied against the empty default PolicyDocument.
Default: - An empty policy.
Groups
Groups to attach this policy to.
virtual IGroup[] Groups { get; }
Property Value
IGroup[]
Remarks
You can also use attachToGroup(group) to attach this policy to a group.
Default: - No groups.
ManagedPolicyName
The name of the managed policy.
virtual string ManagedPolicyName { get; }
Property Value
System.String
Remarks
If you specify multiple policies for an entity, specify unique names. For example, if you specify a list of policies for an IAM role, each policy must have a unique name.
Default: - A name is automatically generated.
Path
The path for the policy.
virtual string Path { get; }
Property Value
System.String
Remarks
This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.
For more information about paths, see IAM Identifiers in the IAM User Guide.
Default: - "/"
Roles
Roles to attach this policy to.
virtual IRole[] Roles { get; }
Property Value
IRole[]
Remarks
You can also use attachToRole(role) to attach this policy to a role.
Default: - No roles.
Statements
Initial set of permissions to add to this policy document.
virtual PolicyStatement[] Statements { get; }
Property Value
PolicyStatement[]
Remarks
You can also use addPermission(statement) to add permissions later.
Default: - No statements.
Users
Users to attach this policy to.
virtual IUser[] Users { get; }
Property Value
IUser[]
Remarks
You can also use attachToUser(user) to attach this policy to a user.
Default: - No users.
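The properties above combined in one stack, as an added example that is not part of the original reference: Statements is used without Document, Description and Path are set at creation, and principals are attached both through Roles and afterwards. The stack class, construct ids, the "/audit/" path and the principals are assumptions; the bucket ARNs and MFA condition are taken from the page's own example, and Construct is assumed to come from the Constructs package.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Constructs;

// Added example; the stack, construct ids, path and principals are assumed names.
public class ReadOnlyPolicyStack : Stack
{
    public ReadOnlyPolicyStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Role that should receive the policy at creation time.
        var auditRole = new Role(this, "AuditRole", new RoleProps {
            AssumedBy = new AccountRootPrincipal()
        });

        // No Document is given, so these statements are applied
        // to the empty default PolicyDocument.
        var readConfidential = new ManagedPolicy(this, "ReadConfidential", new ManagedPolicyProps {
            // The description is immutable once assigned, so state the intent.
            Description = "Read-only access to confidential-data, MFA required",
            Path = "/audit/", // must begin and end with a forward slash
            Statements = new [] {
                new PolicyStatement(new PolicyStatementProps {
                    Sid = "ReadWithMfa",
                    Effect = Effect.ALLOW,
                    Actions = new [] { "s3:List*", "s3:Get*" },
                    // Scoped to one bucket and its objects instead of "*".
                    Resources = new [] {
                        "arn:aws:s3:::confidential-data",
                        "arn:aws:s3:::confidential-data/*"
                    },
                    Conditions = new Dictionary<string, object> {
                        { "Bool", new Dictionary<string, object> {
                            { "aws:MultiFactorAuthPresent", "true" } } }
                    }
                })
            },
            Roles = new IRole[] { auditRole }
        });

        // Principals created later are attached after construction.
        var auditors = new Group(this, "Auditors");
        readConfidential.AttachToGroup(auditors);
    }
}
```

ManagedPolicyName is left unset here, so a name is generated automatically, which avoids name collisions when several policies are attached to the same entity.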