Interface IPolicyDocumentProps
Properties for a new PolicyDocument.
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public interface IPolicyDocumentProps
Syntax (vb)
Public Interface IPolicyDocumentProps
Remarks
ExampleMetadata: infused
Examples
var myTrustedAdminRole = Role.FromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
// Creates a limited admin policy and assigns to the account root.
var myCustomPolicy = new PolicyDocument(new PolicyDocumentProps {
Statements = new [] { new PolicyStatement(new PolicyStatementProps {
Actions = new [] { "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*" },
Principals = new [] { new AccountRootPrincipal() },
Resources = new [] { "*" }
}) }
});
var key = new Key(this, "MyKey", new KeyProps {
Policy = myCustomPolicy
});
Synopsis
Properties
AssignSids | Automatically assign Statement Ids to all statements. |
Minimize | Try to minimize the policy by merging statements. |
Statements | Initial statements to add to the policy document. |
Properties
AssignSids
Automatically assign Statement Ids to all statements.
virtual Nullable<bool> AssignSids { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
Minimize
Try to minimize the policy by merging statements.
virtual Nullable<bool> Minimize { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
To avoid overrunning the maximum policy size, combine statements if they produce the same result. Merging happens according to the following rules:
Default: - false, unless the feature flag @aws-cdk/aws-iam:minimizePolicies
is set
Statements
Initial statements to add to the policy document.
virtual PolicyStatement[] Statements { get; }
Property Value
Remarks
Default: - No statements