Class PolicyDocument
A PolicyDocument is a collection of statements.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.IAM
Assembly: Amazon.CDK.AWS.IAM.dll
Syntax (csharp)
public class PolicyDocument : DeputyBase, IResolvable
Syntax (vb)
Public Class PolicyDocument
Inherits DeputyBase
Implements IResolvable
Remarks
ExampleMetadata: infused
Examples
var myTrustedAdminRole = Role.FromRoleArn(this, "TrustedRole", "arn:aws:iam:....");
// Creates a limited admin policy and assigns to the account root.
var myCustomPolicy = new PolicyDocument(new PolicyDocumentProps {
Statements = new [] { new PolicyStatement(new PolicyStatementProps {
Actions = new [] { "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*" },
Principals = new [] { new AccountRootPrincipal() },
Resources = new [] { "*" }
}) }
});
var key = new Key(this, "MyKey", new KeyProps {
Policy = myCustomPolicy
});
Synopsis
Constructors
PolicyDocument(IPolicyDocumentProps) | |
PolicyDocument(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
PolicyDocument(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
CreationStack | The creation stack of this resolvable which will be appended to errors thrown during resolution. |
IsEmpty | Whether the policy document contains any statements. |
StatementCount | The number of statements already added to this policy. |
Methods
AddStatements(PolicyStatement[]) | Adds a statement to the policy document. |
FromJson(Object) | Creates a new PolicyDocument based on the object provided. |
Resolve(IResolveContext) | Produce the Token's value at resolution time. |
ToJSON() | JSON-ify the document. |
ToString() | Encode the policy document as a string. |
ValidateForAnyPolicy() | Validate that all policy statements in the policy document satisfies the requirements for any policy. |
ValidateForIdentityPolicy() | Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy. |
ValidateForResourcePolicy() | Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy. |
Constructors
PolicyDocument(IPolicyDocumentProps)
PolicyDocument(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected PolicyDocument(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
PolicyDocument(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected PolicyDocument(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
CreationStack
The creation stack of this resolvable which will be appended to errors thrown during resolution.
public virtual string[] CreationStack { get; }
Property Value
System.String[]
Remarks
This may return an array with a single informational element indicating how to get this property populated, if it was skipped for performance reasons.
IsEmpty
Whether the policy document contains any statements.
public virtual bool IsEmpty { get; }
Property Value
System.Boolean
StatementCount
The number of statements already added to this policy.
public virtual double StatementCount { get; }
Property Value
System.Double
Remarks
Can be used, for example, to generate unique "sid"s within the policy.
Methods
AddStatements(PolicyStatement[])
Adds a statement to the policy document.
public virtual void AddStatements(params PolicyStatement[] statement)
Parameters
- statement PolicyStatement[]
the statement to add.
FromJson(Object)
Creates a new PolicyDocument based on the object provided.
public static PolicyDocument FromJson(object obj)
Parameters
- obj System.Object
the PolicyDocument in object form.
Returns
Remarks
This will accept an object created from the .toJSON()
call
Resolve(IResolveContext)
Produce the Token's value at resolution time.
public virtual object Resolve(IResolveContext context)
Parameters
- context IResolveContext
Returns
System.Object
ToJSON()
JSON-ify the document.
public virtual object ToJSON()
Returns
System.Object
Remarks
Used when JSON.stringify() is called
ToString()
Encode the policy document as a string.
public override string ToString()
Returns
System.String
ValidateForAnyPolicy()
Validate that all policy statements in the policy document satisfies the requirements for any policy.
public virtual string[] ValidateForAnyPolicy()
Returns
System.String[]
An array of validation error messages, or an empty array if the document is valid.
Remarks
ValidateForIdentityPolicy()
Validate that all policy statements in the policy document satisfies the requirements for an identity-based policy.
public virtual string[] ValidateForIdentityPolicy()
Returns
System.String[]
An array of validation error messages, or an empty array if the document is valid.
Remarks
ValidateForResourcePolicy()
Validate that all policy statements in the policy document satisfies the requirements for a resource-based policy.
public virtual string[] ValidateForResourcePolicy()
Returns
System.String[]
An array of validation error messages, or an empty array if the document is valid.