@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)", date="2023-01-25T18:28:57.790Z") public class ManagedPolicy extends Resource implements IManagedPolicy
Example:
Role myRole = Role.Builder.create(this, "My Role") .assumedBy(new ServicePrincipal("sns.amazonaws.com")) .build(); Function fn = Function.Builder.create(this, "MyFunction") .runtime(Runtime.NODEJS_16_X) .handler("index.handler") .code(Code.fromAsset(join(__dirname, "lambda-handler"))) .role(myRole) .build(); myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole")); myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));
Modifier and Type | Class and Description |
---|---|
static class |
ManagedPolicy.Builder
A fluent builder for
ManagedPolicy . |
IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy
IResource.Jsii$Default
Modifier | Constructor and Description |
---|---|
protected |
ManagedPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
ManagedPolicy(software.amazon.jsii.JsiiObjectRef objRef) |
|
ManagedPolicy(software.constructs.Construct scope,
java.lang.String id) |
|
ManagedPolicy(software.constructs.Construct scope,
java.lang.String id,
ManagedPolicyProps props) |
Modifier and Type | Method and Description |
---|---|
void |
addStatements(PolicyStatement... statement)
Adds a statement to the policy document.
|
void |
attachToGroup(IGroup group)
Attaches this policy to a group.
|
void |
attachToRole(IRole role)
Attaches this policy to a role.
|
void |
attachToUser(IUser user)
Attaches this policy to a user.
|
static IManagedPolicy |
fromAwsManagedPolicyName(java.lang.String managedPolicyName)
Import a managed policy from one of the policies that AWS manages.
|
static IManagedPolicy |
fromManagedPolicyArn(software.constructs.Construct scope,
java.lang.String id,
java.lang.String managedPolicyArn)
Import an external managed policy by ARN.
|
static IManagedPolicy |
fromManagedPolicyName(software.constructs.Construct scope,
java.lang.String id,
java.lang.String managedPolicyName)
Import a customer managed policy from the managedPolicyName.
|
java.lang.String |
getDescription()
The description of this policy.
|
PolicyDocument |
getDocument()
The policy document.
|
java.lang.String |
getManagedPolicyArn()
Returns the ARN of this managed policy.
|
java.lang.String |
getManagedPolicyName()
The name of this policy.
|
java.lang.String |
getPath()
The path of this policy.
|
protected java.util.List<java.lang.String> |
validate()
Validate the current construct.
|
applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getNode
protected ManagedPolicy(software.amazon.jsii.JsiiObjectRef objRef)
protected ManagedPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public ManagedPolicy(software.constructs.Construct scope, java.lang.String id, ManagedPolicyProps props)
scope
- This parameter is required.id
- This parameter is required.props
- public ManagedPolicy(software.constructs.Construct scope, java.lang.String id)
scope
- This parameter is required.id
- This parameter is required.public static IManagedPolicy fromAwsManagedPolicyName(java.lang.String managedPolicyName)
For this managed policy, you only need to know the name to be able to use it.
Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.
managedPolicyName
- This parameter is required.public static IManagedPolicy fromManagedPolicyArn(software.constructs.Construct scope, java.lang.String id, java.lang.String managedPolicyArn)
For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.
If the imported Managed Policy ARN is a Token (such as a
CfnParameter.valueAsString
or a Fn.importValue()
) and the referenced
managed policy has a path
(like arn:...:policy/AdminPolicy/AdminAllow
), the
managedPolicyName
property will not resolve to the correct value. Instead it
will resolve to the first path component. We unfortunately cannot express
the correct calculation of the full path name as a CloudFormation
expression. In this scenario the Managed Policy ARN should be supplied without the
path
in order to resolve the correct managed policy resource.
scope
- construct scope. This parameter is required.id
- construct id. This parameter is required.managedPolicyArn
- the ARN of the managed policy to import. This parameter is required.public static IManagedPolicy fromManagedPolicyName(software.constructs.Construct scope, java.lang.String id, java.lang.String managedPolicyName)
For this managed policy, you only need to know the name to be able to use it.
scope
- This parameter is required.id
- This parameter is required.managedPolicyName
- This parameter is required.public void addStatements(PolicyStatement... statement)
statement
- This parameter is required.public void attachToGroup(IGroup group)
group
- This parameter is required.public void attachToRole(IRole role)
role
- This parameter is required.public void attachToUser(IUser user)
user
- This parameter is required.protected java.util.List<java.lang.String> validate()
This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.
public java.lang.String getDescription()
public PolicyDocument getDocument()
public java.lang.String getManagedPolicyArn()
getManagedPolicyArn
in interface IManagedPolicy
public java.lang.String getManagedPolicyName()
public java.lang.String getPath()