software.amazon.awscdk.services.iam

Class ManagedPolicy

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.iam.ManagedPolicy

All Implemented Interfaces:

IConstruct, IDependable, IResource, IManagedPolicy

Direct Known Subclasses:

UntrustedCodeBoundaryPolicy

@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
           date="2023-01-25T18:28:57.790Z")
public class ManagedPolicy
extends Resource
implements IManagedPolicy

Managed policy.

Example:

 Role myRole = Role.Builder.create(this, "My Role")
         .assumedBy(new ServicePrincipal("sns.amazonaws.com"))
         .build();
 Function fn = Function.Builder.create(this, "MyFunction")
         .runtime(Runtime.NODEJS_16_X)
         .handler("index.handler")
         .code(Code.fromAsset(join(__dirname, "lambda-handler")))
         .role(myRole)
         .build();
 myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
 myRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"));
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ManagedPolicy.Builder A fluent builder for ManagedPolicy.

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.iam.IManagedPolicy

IManagedPolicy.Jsii$Default, IManagedPolicy.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	ManagedPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	ManagedPolicy(software.amazon.jsii.JsiiObjectRef objRef)
	ManagedPolicy(software.constructs.Construct scope, java.lang.String id)
	ManagedPolicy(software.constructs.Construct scope, java.lang.String id, ManagedPolicyProps props)

Method Summary

Modifier and Type	Method and Description
void	addStatements(PolicyStatement... statement) Adds a statement to the policy document.
void	attachToGroup(IGroup group) Attaches this policy to a group.
void	attachToRole(IRole role) Attaches this policy to a role.
void	attachToUser(IUser user) Attaches this policy to a user.
static IManagedPolicy	fromAwsManagedPolicyName(java.lang.String managedPolicyName) Import a managed policy from one of the policies that AWS manages.
static IManagedPolicy	fromManagedPolicyArn(software.constructs.Construct scope, java.lang.String id, java.lang.String managedPolicyArn) Import an external managed policy by ARN.
static IManagedPolicy	fromManagedPolicyName(software.constructs.Construct scope, java.lang.String id, java.lang.String managedPolicyName) Import a customer managed policy from the managedPolicyName.
java.lang.String	getDescription() The description of this policy.
PolicyDocument	getDocument() The policy document.
java.lang.String	getManagedPolicyArn() Returns the ARN of this managed policy.
java.lang.String	getManagedPolicyName() The name of this policy.
java.lang.String	getPath() The path of this policy.
protected java.util.List<java.lang.String>	validate() Validate the current construct.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, generatePhysicalName, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Constructor Detail

ManagedPolicy

protected ManagedPolicy(software.amazon.jsii.JsiiObjectRef objRef)

ManagedPolicy

protected ManagedPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

ManagedPolicy

public ManagedPolicy(software.constructs.Construct scope,
                     java.lang.String id,
                     ManagedPolicyProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props -

ManagedPolicy

public ManagedPolicy(software.constructs.Construct scope,
                     java.lang.String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Method Detail

fromAwsManagedPolicyName

public static IManagedPolicy fromAwsManagedPolicyName(java.lang.String managedPolicyName)

Import a managed policy from one of the policies that AWS manages.

For this managed policy, you only need to know the name to be able to use it.

Some managed policy names start with "service-role/", some start with "job-function/", and some don't start with anything. Include the prefix when constructing this object.

Parameters:

managedPolicyName - This parameter is required.

fromManagedPolicyArn

public static IManagedPolicy fromManagedPolicyArn(software.constructs.Construct scope,
                                                  java.lang.String id,
                                                  java.lang.String managedPolicyArn)

Import an external managed policy by ARN.

For this managed policy, you only need to know the ARN to be able to use it. This can be useful if you got the ARN from a CloudFormation Export.

If the imported Managed Policy ARN is a Token (such as a CfnParameter.valueAsString or a Fn.importValue()) and the referenced managed policy has a path (like arn:...:policy/AdminPolicy/AdminAllow), the managedPolicyName property will not resolve to the correct value. Instead it will resolve to the first path component. We unfortunately cannot express the correct calculation of the full path name as a CloudFormation expression. In this scenario the Managed Policy ARN should be supplied without the path in order to resolve the correct managed policy resource.

Parameters:

scope - construct scope. This parameter is required.

id - construct id. This parameter is required.

managedPolicyArn - the ARN of the managed policy to import. This parameter is required.

fromManagedPolicyName

public static IManagedPolicy fromManagedPolicyName(software.constructs.Construct scope,
                                                   java.lang.String id,
                                                   java.lang.String managedPolicyName)

Import a customer managed policy from the managedPolicyName.

For this managed policy, you only need to know the name to be able to use it.

Parameters:

scope - This parameter is required.

id - This parameter is required.

managedPolicyName - This parameter is required.

addStatements

public void addStatements(PolicyStatement... statement)

Adds a statement to the policy document.

Parameters:

statement - This parameter is required.

attachToGroup

public void attachToGroup(IGroup group)

Attaches this policy to a group.

Parameters:

group - This parameter is required.

attachToRole

public void attachToRole(IRole role)

Attaches this policy to a role.

Parameters:

role - This parameter is required.

attachToUser

public void attachToUser(IUser user)

Attaches this policy to a user.

Parameters:

user - This parameter is required.

validate

protected java.util.List<java.lang.String> validate()

Validate the current construct.

This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis.

Overrides:

validate in class Construct

Returns:

An array of validation error messages, or an empty array if the construct is valid.

getDescription

public java.lang.String getDescription()

The description of this policy.

getDocument

public PolicyDocument getDocument()

The policy document.

getManagedPolicyArn

public java.lang.String getManagedPolicyArn()

Returns the ARN of this managed policy.

Specified by:

getManagedPolicyArn in interface IManagedPolicy

getManagedPolicyName

public java.lang.String getManagedPolicyName()

The name of this policy.

getPath

public java.lang.String getPath()

The path of this policy.